
88727 matches found

Cvelist
added 2025/12/31 4:2 a.m., 26 views

CVE-2025-15373 EyouCMS function.php saveRemote server-side request forgery

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be use...

CVSS: 6.5, EPSS: 0.0022
Exploits: 1, References: 5
RedhatCVE
added 2025/12/31 2:13 a.m., 5 views

CVE-2025-15215

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...

CVSS: 9, AI score: 7.3, EPSS: 0.00603
Exploits: 1, References: 1
CNNVD
added 2025/12/31 12:0 a.m., 3 views

PHPGurukul Small CRM security vulnerability

PHPGurukul Small CRM is a customer relationship management system from PHPGurukul. A security vulnerability exists in PHPGurukul Small CRM version 4.0, which stems from a missing authorization in the file /admin/edit-user.php, which could lead to a remote attack...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00345
Exploits: 1, References: 5
CNNVD
added 2025/12/31 12:0 a.m., 2 views

D-Link DIR-806A command injection vulnerability

The D-Link DIR-806A is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-806A version 100CNb11, which stems from the failure of the ssdpcgimain function in the SSDP Request Handler component to correctly filter constructed command special...

CVSS: 9.8, AI score: 6.7, EPSS: 0.03695
Exploits: 1, References: 5
Positive Technologies
added 2025/12/31 12:0 a.m., 5 views

PT-2025-54275

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00371
Exploits: 1, References: 6
CNNVD
added 2025/12/31 12:0 a.m., 3 views

Badaso security vulnerability

Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A security vulnerability exists in Badaso 2.9.7 and earlier versions, which stems from a weak password recovery mechanism in the getPassword function in the Token Handler component file...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00484
Exploits: 1, References: 5
Positive Technologies
added 2025/12/31 12:0 a.m., 4 views

PT-2025-54269

Name of the Vulnerable Software and Affected Versions: Philipinho Simple-PHP-Blog versions prior to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Description: A cross site scripting issue exists in Philipinho Simple-PHP-Blog. The issue is located in the /login.php file, specifically involving manipulati...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00328
Exploits: 1, References: 5
OSV
added 2025/12/30 9:15 p.m., 3 views

CVE-2025-15356

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit...

CVSS: 8.7, AI score: 7.7, EPSS: 0.03449
Exploits: 1, References: 6
CVE
added 2025/12/30 8:2 p.m., 10 views

CVE-2025-15354

The CVE-2025-15354 vulnerability affects itsourcecode Society Management System 1.0. The flaw exists in the /admin/add_admin.php file, where manipulation of the Username parameter can lead to SQL injection. Attacks can be launched remotely over the network, and exploits have been published and ma...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00333
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2025/12/30 4:2 p.m., 4 views

EUVD-2025-205819

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee...

CVSS: 10, AI score: 6.8, EPSS: 0.03923
Exploits: 1, References: 6
EUVD
added 2025/12/30 3:30 p.m., 1 view

EUVD-2025-205773

A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...

CVSS: 5.1, AI score: 5.2, EPSS: 0.00185
Exploits: 0, References: 4
NVD
added 2025/12/30 2:15 p.m., 2 views

CVE-2025-15251

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entit...

CVSS: 6.3, EPSS: 0.00288
Exploits: 0, References: 4
NVD
added 2025/12/30 2:15 p.m., 4 views

CVE-2025-15249

A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...

CVSS: 5.1, EPSS: 0.00185
Exploits: 0, References: 3
Cvelist
added 2025/12/30 1:2 p.m., 23 views

CVE-2025-15249 zhujunliang3 work_platform Content cross site scripting

A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...

CVSS: 5.1, EPSS: 0.00185
Exploits: 0, References: 3
Vulnrichment
added 2025/12/30 10:32 a.m., 4 views

CVE-2025-15244 PHPEMS Purchase Request race condition

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...

CVSS: 6.3, AI score: 6.1, EPSS: 0.0035
Exploits: 1, References: 4
RedhatCVE
added 2025/12/30 10:5 a.m., 10 views

CVE-2025-15182

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...

CVSS: 9.8, AI score: 7.1, EPSS: 0.00322
Exploits: 0, References: 1
OSV
added 2025/12/30 9:15 a.m., 2 views

CVE-2025-15234

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02475
Exploits: 1, References: 5
ATTACKERKB
added 2025/12/30 8:2 a.m., 1 view

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVSS: 9, AI score: 5.8, EPSS: 0.00632
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2025/12/30 8:2 a.m., 22 views

CVE-2025-15233 Tenda M3 setAdInfoDetail formSetAdInfoDetails heap-based overflow

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVSS: 9, EPSS: 0.00632
Exploits: 1, References: 5
Cvelist
added 2025/12/30 6:2 a.m., 29 views

CVE-2025-15229 Tenda CH22 DhcpListClient fromDhcpListClient denial of service

A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclos...

CVSS: 6.9, EPSS: 0.03942
Exploits: 1, References: 5