CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989

CVE-2025-10989 affects yangzongzhuan RuoYi up to 4.8.1. The issue resides in the file /system/role/authUser/selectAll where manipulating the argument userIds leads to improper authorization. This can be exploited remotely, and the exploit has been publicly released. Multiple trusted sources consi...

PT-2025-39659

Name of the Vulnerable Software and Affected Versions givanz Vvveb versions through 1.0.7.2 Description A weakness exists in givanz Vvveb that could allow for cross-site request forgery. The vulnerability affects unknown code and can be exploited remotely. The exploit has been publicly released...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from an unknown code mishandling that could lead to a cross-site request forgery attack...

CVE-2025-10796

A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

CVE-2025-10398

A security flaw has been discovered in fcbazzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been...

CVE-2025-10387

A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machinename/computeruser/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated...

CVE-2025-10421 SourceCodester Student Grading System update_account.php sql injection

A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /updateaccount.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-10330

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

CVE-2025-10398 fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload

A security flaw has been discovered in fcbazzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been...

CVE-2025-10276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVE-2025-10276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVE-2025-9761

A security vulnerability has been detected in Campcodes Online Feeds Product Inventory System 1.0. This vulnerability affects unknown code of the file /feeds/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. T...

PT-2025-35825

Name of the Vulnerable Software and Affected Versions: projectworlds Travel Management System version 1.0 Description: A vulnerability exists in projectworlds Travel Management System 1.0, affecting unknown code within the /enquiry.php file. The manipulation of the t2 argument can lead to a SQL...

CVE-2025-9699

A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. The attack may be performed from a remote location. The exploit is now...

CVE-2025-9750

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-9609

A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2025-9429

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

PT-2025-34555 · Unknown · Fnkvision Y215 Cctv Camera

Name of the Vulnerable Software and Affected Versions: FNKvision Y215 CCTV Camera version 10.194.120.40 Description: A weakness has been identified in the FNKvision Y215 CCTV Camera. This vulnerability affects unknown code within the s1 rf test config file of the Telnet Service component,...