CVE-2025-1807

A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to...

CVE-2025-1843

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploi...

CVE-2025-1645

A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. The attack can be launch...

CVE-2025-1618

A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument operation leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

CVE-2025-1447

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading t...

CVE-2025-1610

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/setblacklist. The manipulation of the argument mac/enable leads to os command injection. The attack may be launched remotely. The exploit has...

CVE-2025-1609

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/setcmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has...

CVE-2025-1214

A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /useraccounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-1106

A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletediraction/restoreaction in the library lib/admin/databaseadmin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2025-1959

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /changespwd.php. The manipulation of the argument loginid/loginkey leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2025-1857

A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file /checkavailability.php. The manipulation of the argument employeeid leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-1947

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The...

CVE-2025-1578

A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible to initiate the attack remotely. The exploi...

CVE-2025-1596

A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has...

CVE-2025-1956

A vulnerability classified as critical has been found in code-projects Shopping Portal 1.0. This affects an unknown part of the file /Shopping/Admin/index.php of the component Login. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely...

CVE-2025-1543

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed ...

CVE-2025-1228

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1=LOGMonitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal...

CVE-2025-1165

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-1183

A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument loginid leads to sql injection. The attack can be launche...

CVE-2025-1174

A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file processbookadd.php of the component Add Book Page. The manipulation of the argument Book Name leads to cross site scripting. The attac...