88727 matches found

CNNVD
added 2026/01/01 12:0 a.m. | 5 views

CampCodes School File Management System code issue vulnerability

CampCodes School File Management System is a school file management system from CampCodes Philippines. A code issue vulnerability exists in CampCodes School File Management System version 1.0, which stems from an incorrect manipulation of the parameter File in the file /savefile.php resulting in ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00259
Exploits 1 | References 5

CNNVD
added 2026/01/01 12:0 a.m. | 3 views

PHPGurukul Online Course Registration security vulnerability

PHPGurukul Online Course Registration is an online course registration system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Online Course Registration 3.1 and prior versions that stems from a lack of authorization and could lead to a remote attack...

CVSS 8.8 | AI score 6.4 | EPSS 0.00418
Exploits 1 | References 5

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-20521

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.109. Description: A heap buffer overflow exists in the Media component of Google Chrome. This issue could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML...

CVSS 8.8 | AI score 5.8 | EPSS 0.00642
Exploits 0 | References 22

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-7643

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.45. Description: An issue existed in the Animation rendering within Google Chrome, specifically related to an inappropriate implementation. This could allow a remote attacker to leak cross-origin data...

CVSS 7.8 | AI score 5.5 | EPSS 0.00199
Exploits 0 | References 11

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-26517

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153. Description: A use-after-free issue exists in the WebRTC component of Google Chrome. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTML page...

CVSS 8.8 | AI score 6.1 | EPSS 0.00415
Exploits 1 | References 39

Vulnrichment
added 2025/12/31 10:16 p.m. | 2 views

CVE-2025-67707 Unvalidated File Upload vulnerability in ArcGIS Server.

ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...

CVSS 5.6 | AI score 5.7 | EPSS 0.00245
Exploits 0 | References 1

Cvelist
added 2025/12/31 10:15 p.m. | 23 views

CVE-2025-67706 Unvalidated File Upload vulnerability in ArcGIS Server.

ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...

CVSS 5.6 | EPSS 0.00325
Exploits 0 | References 1

EUVD
added 2025/12/31 9:2 p.m. | 3 views

EUVD-2025-206054

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVSS 5.8 | AI score 6.8 | EPSS 0.00202
Exploits 0 | References 5

Cvelist
added 2025/12/31 9:2 p.m. | 22 views

CVE-2023-7331 PKrystian Full-Stack-Bank User sql injection

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVSS 5.8 | EPSS 0.00202
Exploits 0 | References 4

Cvelist
added 2025/12/31 6:32 p.m. | 24 views

CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

CVSS 6.5 | EPSS 0.00373
Exploits 1 | References 3

Vulnrichment
added 2025/12/31 5:32 p.m. | 3 views

CVE-2025-15391 D-Link DIR-806A SSDP Request ssdpcgi_main command injection

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

CVSS 6.5 | AI score 6.8 | EPSS 0.03695
Exploits 1 | References 5

OSV
added 2025/12/31 5:15 p.m. | 5 views

CVE-2019-25262

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

CVSS 3.5 | AI score 5.4
Exploits 0 | References 3

EUVD
added 2025/12/31 5:2 p.m. | 9 views

EUVD-2025-206016

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

CVSS 5.1 | AI score 4.9 | EPSS 0.00232
Exploits 0 | References 4

Vulnrichment
added 2025/12/31 5:2 p.m. | 3 views

CVE-2019-25262 elinicksic Razgover Chat Message send.php cross site scripting

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

CVSS 5.1 | AI score 5.1 | EPSS 0.00232
Exploits 0 | References 3

RedhatCVE
added 2025/12/31 4:9 p.m. | 7 views

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

CVSS 10 | AI score 9.4 | EPSS 0.03923
Exploits 1 | References 1

RedhatCVE
added 2025/12/31 4:9 p.m. | 6 views

CVE-2025-15254

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

CVSS 8.8 | AI score 6.3 | EPSS 0.0326
Exploits 1 | References 1

EUVD
added 2025/12/31 3:32 p.m. | 3 views

EUVD-2025-206030

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited...

CVSS 6.5 | AI score 6.2 | EPSS 0.00345
Exploits 1 | References 7

RedhatCVE
added 2025/12/31 3:7 p.m. | 3 views

CVE-2025-15252

A flaw has been found in Tenda M3 1.0.0.134903. The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The...

CVSS 9 | AI score 7 | EPSS 0.02862
Exploits 1 | References 1

RedhatCVE
added 2025/12/31 2:3 p.m. | 6 views

CVE-2025-15251

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entit...

CVSS 6.3 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 1

Cvelist
added 2025/12/31 5:2 a.m. | 32 views

CVE-2025-15375 EyouCMS arcpagelist Ajax.php unserialize deserialization

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...

CVSS 6.5 | EPSS 0.00371
Exploits 1 | References 5