CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2025-12295 D-Link DAP-2695 Firmware Update sub_40C6B8 signature verification
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are...
CVE-2025-12293 SourceCodester Point of Sales category.php sql injection
A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...
CVE-2025-12293
CVE-2025-12293 concerns SourceCodester Point of Sales 1.0. A SQL injection vulnerability arises from improper handling of the Category argument in the /category.php file, exploitable remotely. Multiple sources note the exploit is publicly available. Reported impacts include confidentiality, integ...
CVE-2025-12292
SourceCodester Point of Sales 1.0 contains a SQL injection vulnerability in /index.php through manipulation of the Username parameter. This allows remote exploitation with no user interaction, as described across multiple sources (NVD, Red Hat, ENISA, CVE records). The vulnerability affects unkno...
CVE-2025-12279
A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2025-12276
A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure. The attack can be executed remotely. The exploit is now public and ma...
CVE-2025-12272
A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may ...
CVE-2025-12268
A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate...
CVE-2025-12269
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack...
CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/assignmentid/tasks/taskid/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...
EUVD-2025-36158
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack...
CVE-2025-12268
LearnHouse vulnerability CVE-2025-12268 affects the Course Thumbnail Handler in the file /api/v1/courses/. The issue arises from manipulation of the thumbnail parameter, enabling unrestricted file uploads and remote exploitation. Affected: LearnHouse versions prior to the commit 98dfad76aad70711a8113...
CVE-2025-12267
A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used...
CVE-2025-59461
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...
CVE-2025-12263
A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
EUVD-2025-36149
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...
CVE-2025-12258
CVE-2025-12258 affects TOTOLINK A3300R, specifically the function setOpModeCfg in the file /cgi-bin/cstecgi.cg within the POST Parameter Handler. The vulnerability is a stack-based buffer overflow triggered by manipulating the opmode argument, with remote-exploit potential. Multiple sources confi...