
982 matches found

NVD
added 2025/10/27 7:15 a.m., 3 views

CVE-2025-12243

A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated...

CVSS 8.8 | EPSS 0.0003
Exploits 1 | References 5
OSV
added 2025/10/27 7:15 a.m., 2 views

CVE-2025-12241

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...

CVSS 8.7 | AI score 6.4
Exploits 0 | References 5
EUVD
added 2025/10/27 7:2 a.m., 2 views

EUVD-2025-36125

A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated...

CVSS 6.5 | AI score 6.4 | EPSS 0.0003
Exploits 1 | References 6
Cvelist
added 2025/10/27 7:2 a.m., 3 views

CVE-2025-12241 TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...

CVSS 9 | EPSS 0.00287
Exploits 1 | References 5
CVE
added 2025/10/27 7:2 a.m., 7 views

CVE-2025-12241

TOTOLINK A3300R (firmware 17.0.0cu.557_B20221024) contains a stack-based buffer overflow in the POST Parameter Handler’s setLanguageCfg (parameter lang) in /cgi-bin/cstecgi.cgi. The issue allows remote code execution and remote impact with high severity (per CVE-2025-12241 descriptions across NVD...

CVSS 9 | AI score 8.7 | EPSS 0.00287
Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-43897

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R that allows for remote attacks. The issue is a stack-based buffer overflow within the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file,...

CVSS 9 | AI score 6.9 | EPSS 0.00287
Exploits 1 | References 8
RedhatCVE
added 2025/10/12 5:23 p.m., 2 views

CVE-2025-11608

A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack...

CVSS 9.8 | AI score 7 | EPSS 0.00042
Exploits 1 | References 1
EUVD
added 2025/10/11 6:30 p.m., 3 views

EUVD-2025-33871

A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack...

CVSS 7.5 | AI score 6.6 | EPSS 0.00042
Exploits 1 | References 6
CVE
added 2025/10/11 5:2 p.m., 10 views

CVE-2025-11608

CVE-2025-11608 | code-projects E-Banking System 1.0 has a SQL injection in the POST Parameter Handler, originating from /register.php (parameters: username, password). Multiple sources confirm remote exploitation with a publicly disclosed exploit. Affected component: /register.php; vulnerability ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00042
Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2025/10/11 12:0 a.m., 2 views

PT-2025-41694

Name of the Vulnerable Software and Affected Versions code-projects E-Banking System version 1.0 Description A security issue exists in the E-Banking System. The flaw is located within the /register.php script, which handles POST requests. Manipulation of the username or password parameters can...

CVSS 7.5 | AI score 7.3 | EPSS 0.00042
Exploits 1 | References 10
OSV
added 2025/10/08 5:15 a.m., 2 views

CVE-2025-11433

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS 6.1 | AI score 4.3 | EPSS 0.00029
Exploits 1 | References 5
Vulnrichment
added 2025/10/08 5:2 a.m., 2 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS 5.1 | AI score 3.6 | EPSS 0.00029
Exploits 1 | References 5
Positive Technologies
added 2025/10/08 12:0 a.m., 3 views

PT-2025-41225

Name of the Vulnerable Software and Affected Versions itsourcecode Leave Management System version 1.0 Description A security flaw exists in itsourcecode Leave Management System 1.0. The issue impacts the redirect function within the /module/employee/controller.php?action=reset file, specifically...

CVSS 6.1 | AI score 3.3 | EPSS 0.00029
Exploits 1 | References 10
RedhatCVE
added 2025/10/07 9:21 p.m., 2 views

CVE-2025-11288

A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...

CVSS 8.8 | AI score 6.1 | EPSS 0.00041
Exploits 0 | References 1
EUVD
added 2025/10/07 12:31 p.m., 3 views

EUVD-2025-32706

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...

CVSS 9 | AI score 6.7 | EPSS 0.00248
Exploits 1 | References 6
CVE
added 2025/10/07 12:2 p.m., 8 views

CVE-2025-11390

Summary of CVE-2025-11390 impact: PHPGurukul Cyber Cafe Management System 1.0 contains a cross-site scripting vulnerability in the POST Parameter Handler’s /search.php file, caused by unsafely handling the searchdata parameter. Exploitation can be conducted remotely and public exploits exist. Th...

CVSS 6.1 | AI score 3.4 | EPSS 0.00052
Exploits 1 | References 6 | Affected Software 1
Cvelist
added 2025/10/07 12:2 p.m., 8 views

CVE-2025-11390 PHPGurukul Cyber Cafe Management System POST Parameter search.php cross site scripting

A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The atta...

CVSS 5.3 | EPSS 0.00052
Exploits 1 | References 6
Vulnrichment
added 2025/10/07 10:2 a.m., 1 view

CVE-2025-11386 Tenda AC15 POST Parameter SetDDNSCfg stack-based overflow

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...

CVSS 9 | AI score 7 | EPSS 0.00248
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-11179

Malware in sbrugna...

CVSS 6.1 | AI score 4.7 | EPSS 0.00346
Exploits 0 | References 5
Positive Technologies
added 2025/10/05 12:0 a.m., 3 views

PT-2025-40801

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.7 Description A security flaw exists in CRMEB that allows for SQL injection. The issue is related to the processing of the cate id argument within the GET Parameter Handler component, specifically in the file...

CVSS 8.8 | AI score 6.6 | EPSS 0.00041
Exploits 0 | References 7