Tenda G3 getsinglepppuser function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability that stems from the pPppUser parameter in the getsinglepppuser function failing to...
Cross-Site Request Forgery (CSRF)
com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of the endpoint parameter, which allows an attacker to perform cross-origin requests on behalf of an authenticated user...
PT-2025-36374
Name of the Vulnerable Software and Affected Versions: Trusted OS (affected versions not specified). Description: Insufficient parameter validation during process space allocation in the Trusted OS (TOS) can allow a malicious userspace process to trigger an integer overflow, potentially leading to a...
ERPNext SQL Injection Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A SQL injection vulnerability exists in ERPNext versions prior to 14.89.2 and 15.0.0 through 15.75.1, which stems from insufficient parameter validation and could lead to SQL injection attacks...
PT-2025-40083
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the DAMON (Data Access MONitor) module’s RECLAIM and LRU SORT components. These modules lack validation of user-configured parameters during...
CVE-2025-51969
A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the productid GET parameter, which is not properly validated before being included in a SQL statement...
Linux Distros Unpatched Vulnerability : CVE-2020-28984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - prive/formulaires/configurerpreferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, displaynavigation, displayoutils, imessage, an...
Linux Distros Unpatched Vulnerability : CVE-2017-7416
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. (CVE-2017-7416) Note that Nessus relies on the presence of the package as...
pyLoad Resource Management Error Vulnerability
pyLoad is a free open source download manager written in Python by pyLoad Open Source. A resource management error vulnerability exists in pyLoad that stems from insufficient validation of the jk parameter, which could lead to excessive server CPU usage...
Reflected Cross Site Scripting (XSS)
microweber/microweber is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...
Sports Management System match.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/match.php. An attacker can exploit this vulnerabilit...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...
PT-2025-32222 · Bottinelli Informatical · Vedo Suite
Name of the Vulnerable Software and Affected Versions: Bottinelli Informatical Vedo Suite version 2024.17. Description: Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api vedo/video/preview endpoint. This allows remote authenticated attackers t...
Exam Form Submission delete_s8.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/deletes8.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
CVE-2025-53713 TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpmAPC.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The...
PT-2025-31191 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0. Description: A SQL injection vulnerability exists in Human Resource Management System version 1.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases via the ci...
PT-2025-31251 · Unknown · Phpgurukul Nipah Virus Testing Management System
Name of the Vulnerable Software and Affected Versions: phpgurukul Nipah virus (NiV) Testing Management System version 1.0. Description: phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of...
DEBIAN-CVE-2025-38494
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...