PT-2025-49512
A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print personnel report.php. This manipulation of the argument per id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be us...
PT-2025-49423
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions up to 20250416. Description: A security flaw exists in D-Link DIR-823X up to version 20250416. The issue resides in the sub 415028 function within the /goform/set wan settings file. Manipulation of the ppp username...
Ubuntu: Security Advisory (USN-7912-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
NTPsec < 1.1.0 DoS Vulnerability
NTPsec is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntpsec:ntpsec";...
phpIPAM Security Vulnerability
phpIPAM is an open source, PHP- and MySQL-based IP address management (IPAM) application suite. A security vulnerability exists in phpIPAM version v1.7.3, which stems from a lack of CSRF protection in the database export function, which could lead to a remote attacker...
PT-2025-49509
A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin running.php. Executing manipulation of the argument product image can lead to unrestricted upload. It is possible to launch the attack remotely...
PT-2025-49558
A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user contact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available t...
PT-2025-49505
Name of the Vulnerable Software and Affected Versions: Currency Exchange System version 1.0. Description: A SQL injection issue exists in Currency Exchange System 1.0. The issue is located in the file '/edit.php', where manipulation of the ID argument can lead to SQL injection. The attack can be...
CVE-2025-14201 alokjaiswal Hotel-Management-services-using-MYSQL-and-php dishsub.php cross site scripting
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. I...
CVE-2025-14200
CVE-2025-14200 affects the alokjaiswal Hotel-Management-services-using-MYSQL-and-php project (file: /usersub.php, Request Pending Page). The vulnerability is a cross-site scripting issue arising from manipulation of an unknown function, with remote exploitability. Multiple connected records confi...
CVE-2025-14199 Verysync 微力同步 Web Administration text.txt unrestricted upload
A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...
EUVD-2025-201603
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/authlogin.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The explo...
CVE-2025-14195
A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...
PT-2025-49412
Name of the Vulnerable Software and Affected Versions: Verysync versions up to 2.21.3. Description: A flaw exists in Verysync that allows for unrestricted file upload. This impacts an unknown function within the Web Administration Module, specifically related to the file...
PT-2025-49413
Name of the Vulnerable Software and Affected Versions: alokjaiswal Hotel-Management-services-using-MYSQL-and-php versions prior to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Description: A cross site scripting issue exists in alokjaiswal Hotel-Management-services-using-MYSQL-and-php. The issue is...
CVE-2025-14141 UTT 进取 520W formArpBindConfig strcpy buffer overflow
A flaw has been found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formArpBindConfig. Executing manipulation of the argument pools can lead to buffer overflow. The attack may be performed remotely. The exploit has been published and may be used...
FIT2CLOUD Halo Security Vulnerability
FIT2CLOUD Halo is a website builder from China-based FIT2CLOUD. A security vulnerability exists in FIT2CLOUD Halo version 2.21.10, which stems from a cross-site request forgery issue that could lead to a remote attack...
PT-2025-49329
Name of the Vulnerable Software and Affected Versions: fit2cloud Halo version 2.21.10. Description: A cross-site request forgery issue exists in fit2cloud Halo version 2.21.10. The issue is related to an unknown function. The attack can be initiated remotely and the exploit has been publicly...
CVE-2025-14089 Himool ERP AdminActionViewSet update_account improper authorization
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed remotely. The exploit is public...
EUVD-2025-201426
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed remotely. The exploit is public...