
88729 matches found

Cvelist
added 2025/12/15 8:2 a.m. | 29 views

CVE-2025-14711 FantasticLBP Hotels Server hotelList.php sql injection

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVSS 7.5 | EPSS 0.00388
Exploits: 1 | References: 6
OSV
added 2025/12/15 5:15 a.m. | 1 view

CVE-2025-14704

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor...

CVSS 9.8 | AI score 5.4 | EPSS 0.11031
Exploits: 1 | References: 4
NVD
added 2025/12/15 5:15 a.m. | 4 views

CVE-2025-14704

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor...

CVSS 9.8 | EPSS 0.11031
Exploits: 1 | References: 4
NVD
added 2025/12/15 4:15 a.m. | 7 views

CVE-2025-14703

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

CVSS 6.9 | EPSS 0.00605
Exploits: 1 | References: 4
EUVD
added 2025/12/15 4:2 a.m. | 4 views

EUVD-2025-203325

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

CVSS 6.9 | AI score 6.2 | EPSS 0.00605
Exploits: 1 | References: 5
Cvelist
added 2025/12/15 4:2 a.m. | 23 views

CVE-2025-14703 Shiguangwu sgwbox N3 POST Message fsnotify improper authentication

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

CVSS 6.9 | EPSS 0.00605
Exploits: 1 | References: 4
NVD
added 2025/12/15 3:15 a.m. | 4 views

CVE-2025-14697

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...

CVSS 6.3 | EPSS 0.00274
Exploits: 0 | References: 5
CVE
added 2025/12/15 12:32 a.m. | 10 views

CVE-2025-14694

CVE-2025-14694 affects ketr JEPaaS up to version 7.2.8. The vulnerability is in the readAllPostil function (/je/postil/postil/readAllPostil) where manipulating the keyWord parameter leads to SQL injection. Attack can be initiated remotely over the network; CVSS metrics indicate HIGH privileges ar...

CVSS 5.8 | AI score 5 | EPSS 0.00206
Exploits: 0 | References: 4
Redos
added 2025/12/15 12:0 a.m. | 4 views

ROS-20251215-7309

Elasticsearch search engine vulnerability related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending specially crafted SQL queries...

CVSS 7.5 | AI score 7.3 | EPSS 0.00597
Exploits: 0
Redos
added 2025/12/15 12:0 a.m. | 6 views

ROS-20251215-7304

Vulnerability in advancecomp related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 3.3 | AI score 6.7 | EPSS 0.0019
Exploits: 0
OSV
added 2025/12/14 11:15 p.m. | 2 views

CVE-2025-14691

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

CVSS 6.1 | AI score 4.1 | EPSS 0.00392
Exploits: 1 | References: 6
CVE
added 2025/12/14 11:2 p.m. | 16 views

CVE-2025-14691

Mayan EDMS up to 4.10.1 has a cross-site scripting (XSS) vulnerability in an unknown function of the /authentication/ component. The issue is exploitable remotely and an exploit is publicly available. Upgrading to version 4.10.2 (or higher) fixes the vulnerability; the vendor confirms the fix in ...

CVSS 6.1 | AI score 4 | EPSS 0.00392
Exploits: 1 | References: 6 | Affected Software: 1
ATTACKERKB
added 2025/12/14 4:32 p.m. | 5 views

CVE-2025-14668

A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now publi...

CVSS 9.8 | AI score 5.5 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/12/14 1:15 p.m. | 4 views

CVE-2025-14660

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...

CVSS 5.6 | AI score 6.2
Exploits: 0 | References: 8
RedhatCVE
added 2025/12/14 11:0 a.m. | 6 views

CVE-2025-14589

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

CVSS 8.8 | AI score 6.3 | EPSS 0.00301
Exploits: 1 | References: 1
ATTACKERKB
added 2025/12/14 10:32 a.m. | 2 views

CVE-2025-14655

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...

CVSS 9 | AI score 6.1 | EPSS 0.02862
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2025/12/14 9:30 a.m. | 4 views

EUVD-2025-203287

A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the argument supplier results in sql injection. The attack can be initiated remotely. The exploit is no...

CVSS 7.5 | AI score 6.6 | EPSS 0.00333
Exploits: 1 | References: 6
CVE
added 2025/12/14 8:32 a.m. | 10 views

CVE-2025-14651

The CVE concerns MartialBE one-hub up to version 0.14.27. The vulnerability arises from the docker-compose.yml configuration where the SESSION_SECRET is manipulated, leading to use of a hard-coded cryptographic key. Reported as exploitable remotely with high attack complexity, the issue is descri...

CVSS 6.3 | AI score 6.3 | EPSS 0.00298
Exploits: 0 | References: 6
CVE
added 2025/12/14 6:32 a.m. | 13 views

CVE-2025-14647

CVE-2025-14647 affects Code-Projects Computer Book Store 1.0. The vulnerability is an SQL injection in the file /admin_delete.php, caused by manipulating the bookisbn parameter in an unknown function. The issue can be exploited remotely and is documented as having public exploits. Various sources...

CVSS 9.8 | AI score 7.3 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/12/14 2:2 a.m. | 20 views

CVE-2025-14641 code-projects Computer Laboratory System admin_pic.php unrestricted upload

A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/adminpic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be use...

CVSS 5.8 | EPSS 0.00337
Exploits: 1 | References: 5