PT-2025-47842

Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 devices. The issue is due to the manipulation of the...

CVE-2025-63334

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submitopacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execu...

CVE-2025-63334

PocketVJ CP pvj version 3.9.1 is affected by an unauthenticated remote code execution in submit_opacity.php. The vulnerability is caused by failure to sanitize the opacityValue POST parameter, which is passed to a shell command, enabling remote attackers to execute arbitrary commands with root pr...

CVE-2025-63334

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submitopacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execu...

PT-2025-45161

Name of the Vulnerable Software and Affected Versions PocketVJ CP versions 3.9.1 Description The application does not properly sanitize user input in the opacityValue POST parameter before it is used in a shell command. This allows remote attackers to execute arbitrary commands with root privileg...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989587 advisory. In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: properly check endpoint type Syzbot reported warning in usbsubmiturb which is cause...

EUVD-2025-37920

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submitopacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execu...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989744)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989744 advisory. In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xxstartreadpipe syzbot reported memory leak in zr364xx...

CVE-2025-12158 Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fixed a fence leak in the submit error path. In error paths, we could unreference the submitted entity without calling drmschedentitypushjob. As a result, msmjobfree will never be called. Since drmschedjobcleanup will NU...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Another leak in the submit error path has been fixed. putunusedfd does not free the allocated file if we have already performed fdinstall. Therefore, we also need to free the syncfile. Patchwork:...

CVE-2025-12215

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-54968

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users...

CVE-2025-12215

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-12215

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...

Projectworlds Online Shopping System SQL注入漏洞

Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Shopping System version 1.0, which stems from a misuse of the parameter keywords in the file /loginsubmit.php, which could lead t...

CVE-2025-6639 Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...