PT-2026-32221

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A SQL injection issue exists in an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Manipulating the BRANCH ID argument can trigger the injection. The attack...

EUVD-2025-24686

Malicious code in bioql PyPI...

CVE-2025-9306 SourceCodester Advanced School Management System addNotice cross site scripting

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely...

CVE-2025-9138 Scada-LTS new cross site scripting

A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Th...

PT-2025-33741 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security flaw exists in Scada-LTS 2.7.8.1 related to the mailing lists.shtm file. Manipulation of the name/userList/address argument can lead to cross-site scripting. This issue is potentially...

CVE-2025-8957

A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departureairportid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-8785

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educarusuariolst.php. The manipulation of the argument nmpessoa/matricula/matriculainterna leads to cross site scripting. The...

goTenna Pro 访问控制错误漏洞

The goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. An access control error vulnerability exists in goTenna Pro. An unauthenticated attacker could exploit this vulnerability to remotely update local public keys used f...

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTEM entity test xxe: 1 | ---|--- Parameter Entity. One of the benefits is a paremeter entity is automatically expande...