
88729 matches found

EUVD
added 2025/12/09 5:42 p.m. | 5 views

EUVD-2025-200266

Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments...

6.3 CVSS | 5.7 AI score | 0.00252 EPSS
Exploits: 0 | References: 13

OSV
added 2025/12/09 5:15 p.m. | 2 views

CVE-2025-63737

Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

6.1 CVSS | 5.9 AI score | 0.00215 EPSS
Exploits: 1 | References: 1

OSV
added 2025/12/09 4:17 p.m. | 2 views

CVE-2025-41693

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

4.3 CVSS | 5.9 AI score | 0.00434 EPSS
Exploits: 0 | References: 1

OSV
added 2025/12/09 4:17 p.m. | 5 views

CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/09 5:37 a.m. | 8 views

CVE-2025-14217

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

9.8 CVSS | 7 AI score | 0.00333 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 6 views

PT-2025-50268

Name of the Vulnerable Software and Affected Versions: MiniDVBLinux version 5.4. Description: The software contains a flaw that allows remote attackers to bypass authentication and modify the root password. This is achieved by sending specially crafted POST requests to the system setup endpoint,...

9.8 CVSS | 7 AI score | 0.00866 EPSS
Exploits: 1 | References: 10

Positive Technologies
added 2025/12/09 12:0 a.m. | 6 views

PT-2025-50211

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A flaw exists in itsourcecode Student Management System 1.0 related to SQL injection. The issue is located in the file /new school year.php and involves manipulation of the sy...

9.8 CVSS | 7.5 AI score | 0.00326 EPSS
Exploits: 1 | References: 8

CNNVD
added 2025/12/09 12:0 a.m. | 6 views

PHOENIX CONTACT FL SWITCH cross-site scripting vulnerability

PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT. A cross-site scripting vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which can be exploited by an unauthenticated, remote attacker to trick an authenticated user into clicking on a...

7.1 CVSS | 6 AI score | 0.08236 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/12/08 6:30 p.m. | 3 views

EUVD-2025-201732

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

7.5 CVSS | 6.5 AI score | 0.00407 EPSS
Exploits: 1 | References: 6

EUVD
added 2025/12/08 6:30 p.m. | 6 views

EUVD-2025-201729

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

7.5 CVSS | 6.4 AI score | 0.00326 EPSS
Exploits: 1 | References: 6

EUVD
added 2025/12/08 5:32 p.m. | 4 views

EUVD-2025-201800

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...

7.5 CVSS | 6.6 AI score | 0.00326 EPSS
Exploits: 1 | References: 6

RedhatCVE
added 2025/12/08 1:11 p.m. | 10 views

CVE-2025-14191

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed t...

9.8 CVSS | 6.9 AI score | 0.00694 EPSS
Exploits: 1 | References: 1

OSV
added 2025/12/08 12:16 p.m. | 6 views

CVE-2025-14230

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/addpayroll.php. Performing manipulation of the argument detailId results in sql injection. The attack can be initiated remotely. The exploit is now publi...

8.8 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits: 1 | References: 5

CVE
added 2025/12/08 12:2 p.m. | 12 views

CVE-2025-14244

GreenCMS 2.3.0603 contains a cross-site scripting flaw in the Menu Management Page, due to improper handling of the Link parameter in /Admin/Controller/CustomController.class.php. The vulnerability can be triggered remotely, and exploits have been published. The issue affects products no longer m...

4.8 CVSS | 5.4 AI score | 0.00223 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/12/08 10:32 a.m. | 4 views

EUVD-2025-201706

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1 CVSS | 5.1 AI score | 0.00195 EPSS
Exploits: 0 | References: 5

CVE
added 2025/12/08 10:2 a.m. | 9 views

CVE-2025-14227

CVE-2025-14227 affects Philipinho Simple-PHP-Blog (up to commit 94b5d3e57308bce5dfbc44c3edafa9811893d958). The vulnerability is an SQL injection in the /edit.php handler caused by improper input processing. It is remotely exploitable over the network with no privileges and no user interaction req...

9.8 CVSS | 6.2 AI score | 0.00285 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/12/08 7:38 a.m. | 3 views

EUVD-2025-201692

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

6.9 CVSS | 6.7 AI score | 0.00407 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/12/08 7:38 a.m. | 27 views

CVE-2025-14253 Galaxy Software Services|Vitals ESP - Arbitrary File Read

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

6.9 CVSS | 0.00407 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/08 1:32 a.m. | 3 views

CVE-2025-14209 Campcodes School File Management System update_query.php sql injection

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...

7.5 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 1 | References: 5

CVE
added 2025/12/08 12:2 a.m. | 8 views

CVE-2025-14206

CVE-2025-14206 affects SourceCodester Online Student Clearance System 1.0 in the Fee Table Handler, specifically /Admin/delete-fee.php. Manipulating the ID parameter can lead to improper authorization, with remote exploitation; public exploit details exist. Remediation guidance across connected s...

7.5 CVSS | 6.2 AI score | 0.00317 EPSS
Exploits: 1 | References: 5 | Affected Software: 1