29 matches found
EUVD-2024-51244
Malicious code in bioql PyPI...
CVE-2025-8730
CVE-2025-8730 affects Belkin F9K1009 and F9K1010 Web Interface (versions 2.00.04–2.00.09). The root cause is hard-coded credentials that enable remote authentication bypass, granting full admin access via the web login interface (login.htm) without valid credentials. Public PoCs/exploits exist (P...
CVE-2025-6095
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2025-5504
CVE-2025-5504 affects TOTOLINK X2000R 1.0.0-B20230726.1108. The issue is a vulnerability in the /boafrm/formWsc endpoint where manipulating the peerRptPin parameter leads to command injection. Remote attack is possible, and public exploitation has been disclosed. Several sources (NVD, Red Hat, CN...
CVE-2025-5442
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RPpingGatewayByBBS of the file /goform/RPpingGatewayByBBS. The manipulation of th...
CVE-2025-5402 chaitak-gorai Blogbook GET Parameter edit_post.php sql injection
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/editpost.php of the component GET Parameter Handler. The manipulation of the argument...
CVE-2025-5172
A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-5172
CVE-2025-5172 affects Econtrata up to 20250516. The vulnerability resides in an unknown function within /valida, where manipulating the usuario parameter yields SQL injection. Exploitation is described as remote and publicly disclosed, with vendor non-response noted. Connected sources corroborate...
CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting
A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site...
CVE-2024-11051
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/onlinestatus.php. The manipulation of the argument AccountID leads to sql injection. It is possible to launch t...
CVE-2024-11659
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diagiperf. The manipulation of the argument iperf leads to command injection. The attack may be...
CVE-2025-5000 Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi control_panel_sw command injection
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function controlpanelsw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command...
CVE-2025-4551 ContiNew Admin file cross site scripting
A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-4122
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure bu...
CVE-2025-3666
CVE-2025-3666 affects TOTOLINK A3700R (v9.1.2u.5822_B20200513). The vulnerability is in the setDdnsCfg function of /cgi-bin/cstecgi.cgi, causing improper access controls. Exploitation may be remote and public disclosures exist. Vendor did not respond. A practical workaround from PT-Security sugge...
CVE-2025-2711
CVE-2025-2711 affects Yonyou UFIDA ERP-NC v5.0. Affected component: the /help/systop.jsp (and /help/top.jsp via langcode). Root cause: manipulation of the langcode input leads to reflected cross-site scripting (XSS). Impact: attackers can remotely exploit to execute arbitrary JavaScript in victim...
CVE-2025-2367
The CVE-2025-2367 entry concerns Oiwtech OIW-2431APGN-HP devices, firmware 2.5.3-B20131128. The vulnerability affects the file /boafrm/formScript under the Personal Script Submenu, where manipulation leads to OS command injection. The issue is exploitable remotely (network vector) and an exploit ...
CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...
CVE-2025-2321 274056675 springboot-openai-chatgpt addData logic error
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be...
CVE-2025-2212
CVE-2025-2212 affects Castlenet CBW383G2N (up to 20250301). The issue is a cross-site scripting flaw in an unknown part of /RgSwInfo.asp where input in the Description parameter (example payload: ) can be manipulated to execute script. Exploitation is remote and has been disclosed publicly; other...