Digiwin EasyFlow GP Security Vulnerability
Digiwin EasyFlow GP is an enterprise process management system from Digiwin Taiwan, China. A security vulnerability exists in Digiwin EasyFlow GP, which can be exploited by an unauthenticated, remote attacker to send a specific request that could result in a denial of service...
PT-2025-47120
Name of the Vulnerable Software and Affected Versions: lsfusion platform versions prior to 6.1. Description: A flaw exists in the lsfusion platform that allows for path traversal. This issue is related to the unpackFile function located in the file...
PT-2025-47191
Name of the Vulnerable Software and Affected Versions: itsourcecode Web-Based Internet Laboratory Management System version 1.0. Description: A security issue exists in itsourcecode Web-Based Internet Laboratory Management System version 1.0. The issue involves a SQL injection impacting an unknown...
ROS-20251117-03
Vulnerability of the xdrtrrqmessage function of the protocol.cpp module of the Red Database Management System is related to dereferencing of a null pointer. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a...
PT-2025-47144
Name of the Vulnerable Software and Affected Versions: Nero Social Networking Site version 1.0. Description: A SQL injection issue exists in Nero Social Networking Site version 1.0. The issue is located in the /profilefriends.php file, within an unknown function. Manipulation of the ID parameter can...
CVE-2025-13251
The CVE-2025-13251 entry concerns WeiYe-Jing datax-web up to 2.1.2, where an unknown function can be manipulated to cause SQL injection. Multiple sources (NVD, Red Hat RH:CVE-2025-13251, CNNVD-202511-1817, EUVD-2025-197731, osv) describe remote exploitation with published exploits. Impact is desc...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13246
A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.java. The manipulation leads to path...
EUVD-2025-197722
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Manipulation of the argument Username can lead to SQL injection. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-13245 code-projects Student Information System editprofile.php cross site scripting
A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross-site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be...
CVE-2025-13242
A vulnerability has been found in code-projects Student Information System 2.0. This issue affects some unknown processing of the file /register.php. The manipulation leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be...
CVE-2025-13191
A vulnerability was determined in D-Link DIR-816L 206b09beta. This issue affects the function soapcgimain of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This...
CVE-2025-13241
The CVE concerns code-projects Student Information System 2.0, where the vulnerability resides in the /index.php file. The Username parameter can be manipulated to achieve SQL injection, allowing remote execution. The issue is supported by multiple sources (NVD, Red Hat, CNVD, CNNVD, EUVD, VulnDB...
EUVD-2025-197719
A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submitcheckout. Such manipulation of the argument ordertotalamount/carttotalamount leads to enforcement of...
CVE-2025-13234
The CVE-2025-13234 affects itsourcecode Inventory Management System 1.0, with a SQL injection flaw in the PROID parameter of /index.php?q=product. Multiple sources confirm remote exploitation and a publicly released exploit. Remediation is not detailed in the initial document beyond recommending ...
CVE-2025-13234 itsourcecode Inventory Management System index.php sql injection
A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in SQL injection. It is possible to initiate the attack remotely. The exploit has been mad...
CVE-2025-13209
A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes XML external entity...
CVE-2025-13209 bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference
A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes XML external entity...
CVE-2025-13203
Concrete details found: Simple Cafe Ordering System 1.0 has a vulnerability in /addmem.php where manipulating the studentnum parameter enables SQL injection. Remote exploitability is indicated, and multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE lists, and Vuln enrichment) confirm the issue and ...
CVE-2025-13202
A security flaw has been discovered in code-projects Simple Cafe Ordering System 1.0. This affects an unknown part of the file /addtocart. Performing manipulation of the argument productname results in cross-site scripting. It is possible to initiate the attack remotely. The exploit has been...