CVE-2025-12250
OpenWGA 7.11.12 Build 737 is affected by a path traversal flaw in the WGA.File component of the TMLScript API. Attack requires no user interaction and can be launched remotely; an exploit has been published. The root cause is described as an incorrect manipulation within WGA.File leading to path ...
CVE-2025-12241
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...
EUVD-2025-36082
A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been...
CVE-2025-12209
A vulnerability was determined in Tenda O3 1.0.0.102478. Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly...
CVE-2025-12201
A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. ...
CVE-2025-12202
The CVE-2025-12202 entry concerns a cross-site request forgery in ajayrandhawa User-Management-PHP-MYSQL web (up to commit fedcf58797bf2791591606f7b61fdad99ad8bff1). Connected documents confirm remote exploitation and that the exploit has been publicly released. The products and versions affected...
PT-2025-44060
Name of the Vulnerable Software and Affected Versions: Code-Projects E-Commerce Website version 1.0. Description: A cross site scripting issue exists in Code-Projects E-Commerce Website version 1.0. The issue is related to the manipulation of the supp name/supp address arguments within the file...
PT-2025-43952
Name of the Vulnerable Software and Affected Versions: code-projects Client Details System version 1.0. Description: A security issue exists in code-projects Client Details System 1.0 related to the processing of the /update-clients.php file. Manipulation of this file can lead to cross site scriptin...
PT-2025-43915
Name of the Vulnerable Software and Affected Versions: code-projects Online Event Judging System version 1.0. Description: A weakness exists in code-projects Online Event Judging System 1.0. The issue affects unknown code within the '/edit contestant.php' file. Manipulation of the contestant id...
PT-2025-43897
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024. Description: A flaw exists in TOTOLINK A3300R that allows for remote attacks. The issue is a stack-based buffer overflow within the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file,...
TIME-SEA-PLUS Authorization Issue Vulnerability
TIME-SEA-PLUS is an AI platform for bdth individual developers. dulaiduwang003 TIME-SEA-PLUS has an authorization issue vulnerability that originates from improper authorization of the function alipayIsSucceed in the file PayController.java, which could lead to a remote attack...
PT-2025-44000
Name of the Vulnerable Software and Affected Versions: pg8000 version 1.31.4. Description: A SQL injection flaw exists in pg8000. This issue allows remote attackers to execute arbitrary SQL commands by providing a specially crafted Python list as input to the pg8000.native.literal function. The...
D-Link DAP-2695 OS Command Injection Vulnerability
The D-Link DAP-2695 is a high-performance dual-band wireless access point from China AUO D-Link. An OS command injection vulnerability exists in the D-Link DAP-2695 version 2.00RC13, which originates from the presence of os command injection in the function sub4174B0 in the Firmware Update Handle...
CVE-2025-61385
CVE-2025-61385 affects pg8000 1.31.4. The SQL injection occurs via a specially crafted Python list input to pg8000.native.literal, enabling remote execution of arbitrary SQL. The CVSS 3.1 base score is 9.6 with Network attack vector, low complexity, no privileges, required user interaction, and i...
PT-2025-43962
Name of the Vulnerable Software and Affected Versions: Bdtask Wholesale Inventory Control and Inventory Management System versions prior to 20251014. Description: A security issue exists in Bdtask Wholesale Inventory Control and Inventory Management System. Manipulation of the first name and last na...
PT-2025-43986
Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0. Description: A flaw exists in atjiu pybbs, specifically within the UserApiController.java file. This issue leads to information disclosure and can be exploited remotely. The exploit is publicly available. The...
PT-2025-44041
A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
Willow CMS Code Issue Vulnerability
Willow CMS is a content management system for mndeaves individual developers. A code issue vulnerability exists in Willow CMS version 1.4.0 and prior versions, which stems from the presence of an unrestricted upload function in the file /admin/images/add, which could lead to a remote attack...
PT-2025-43889
Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1. Description: A flaw exists in the fromSafeUrlFilter function within the /goform/SafeUrlFilter file. Manipulation of the page argument can lead to a buffer overflow, allowing for remote attacks. An exploit for this iss...
EUVD-2025-35736
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...