293 matches found
PT-2025-27368 · Unknown · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Best Salon Management System. The issue affects an unknown function of the file /panel/edit_plan.php. The...
PT-2025-27127 · Unknown · Realtyelite
Name of the Vulnerable Software and Affected Versions: RealtyElite versions n/a through 1.0.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion in...
CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell commands which have been predefined on a...
PT-2025-26912 · WordPress · Simple User Registration
Name of the Vulnerable Software and Affected Versions: The Simple User Registration plugin for WordPress versions up to, and including, 6.3 Description: The issue is due to insufficient restrictions on user meta values that can be supplied during registration, making it possible for unauthenticat...
PT-2025-26988 · Unknown · Labredescefetrj Wegia
Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A problematic vulnerability has been found in the Cadastro de Funcionário component, specifically affecting the /html/funcionario/cadastro_funcionario.php file. The issue is related to the...
CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...
PT-2025-28076 · Belkin · Belkin F9K1122
Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue was found, affecting the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey in the component webs. The manipulation of the arguments wan_ipaddr, wan_netmask, wan...
PT-2025-26581 · Code Projects · Code-Projects Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical issue affects the processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the categoriesId argument leads to SQL injection. The attack m...
PT-2025-26534 · Sangfor · Sangfor Atrust
Name of the Vulnerable Software and Affected Versions: Sangfor aTrust versions through 2.4.10 Description: The issue allows users to modify the ExecStartPre command. Recommendations: For Sangfor aTrust versions through 2.4.10, consider restricting access to the ExecStartPre command to prevent...
PT-2025-26233 · Wasm3 · Wasm3
Name of the Vulnerable Software and Affected Versions: wasm3 version 0.5.0 Description: A vulnerability has been found in the function MarkSlotAllocated of the file source/m3_compile.c, leading to out-of-bounds write. The manipulation can be exploited locally. The exploit has been disclosed to th...
PT-2025-25711 · Unknown · Fw Food Menu
Name of the Vulnerable Software and Affected Versions: FW Food Menu versions n/a through 6.0.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For FW Food Menu versions n/a through 6.0.0, consider...
WordPress Besa Theme <= 2.3.8 is vulnerable to Local File Inclusion
Software: Besa; Type: Theme; Vulnerable versions: <= 2.3.8; Fixed in: 2.3.10; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49252; Patch priority: High; CVSS severity: High 8.1; PSID: ea01ea6c86b2; Credits: Phat RiO - BlueRock; Required privilege...
PT-2025-24909 · Unknown · Code-Projects School Fees Payment System
Name of the Vulnerable Software and Affected Versions: code-projects School Fees Payment System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /ajx.php. The manipulation of the name_startsWith argument leads to SQL injection. It is...
PT-2025-24936 · Unknown · Code-Projects Restaurant Order System
Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Order System version 1.0 Description: A critical vulnerability was found in the code-projects Restaurant Order System. This issue affects unknown code of the file /order.php. The manipulation of the tabidNoti argument...
PT-2025-24391 · Unknown · Phpgurukul Bp Monitoring Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul BP Monitoring Management System version 1.0 Description: A critical issue has been found in the /registration.php file, where the manipulation of the emailid argument leads to SQL injection. This issue can be exploited remotely. Th...
PT-2025-24439 · Wukongopensource · Wukongopensource Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A problematic vulnerability was found in the file AdminSysConfigController.java of the File Upload component. The manipulation of the File argument leads to cross-site scripting. It is...
PT-2025-24070 · Unknown · Code-Projects Real Estate Property Management System
Name of the Vulnerable Software and Affected Versions: code-projects Real Estate Property Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /Admin/EditCity.php. This issue leads to SQL injection and can be exploited...
PT-2025-24390 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 Description: A critical vulnerability was found in Tenda AC6. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buff...
PT-2025-24398 · Tenda · Tenda Ac5
Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47 Description: A critical issue was found, affecting the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to a stack-based...
PT-2025-24326 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.09 Description: A critical issue has been identified, affecting the fromSetWirelessRepeat function of the file /goform/WifiExtraSet. The manipulation of the wpapsk_crypto argument leads to a stack-based buffer...