Lucene search

793 matches found

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-33882

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 4.2 | EPSS 0.00369
Exploits: 1 | References: 3

Positive Technologies
added 2025/09/30 12:00 a.m. | 3 views

PT-2025-41184

Name of the Vulnerable Software and Affected Versions: D-Link DI-7001 MINI version 24.04.18B1. Description: A security issue exists in D-Link DI-7001 MINI. Manipulation of the str argument within an unknown function of the /dbsrv.asp file can lead to a buffer overflow. This issue may be exploited...

CVSS 9 | AI score 8.6 | EPSS 0.00161
Exploits: 1 | References: 8

RedhatCVE
added 2025/09/29 10:56 a.m. | 4 views

CVE-2025-11073

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

CVSS 5.8 | AI score 6.9 | EPSS 0.00146
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/28 12:00 a.m. | 5 views

PT-2025-39790

Name of the Vulnerable Software and Affected Versions: itsourcecode Hostel Management System version 1.0. Description: A security flaw exists in itsourcecode Hostel Management System 1.0. The issue is related to a cross-site scripting condition within the POST Request Handler component, specifically...

CVSS 5.3 | AI score 4.1 | EPSS 0.00042
Exploits: 1 | References: 10

CNNVD
added 2025/09/27 12:00 a.m. | 2 views

CampCodes Farm Management System Security Vulnerability

CampCodes Farm Management System is a farm management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Farm Management System version 1.0, which stems from the improper operation of an unknown function that could lead to the disclosure of file and directory...

CVSS 9.8 | AI score 5.4 | EPSS 0.00414
Exploits: 1 | References: 6

Cvelist
added 2025/09/26 1:32 a.m. | 6 views

CVE-2025-10992 roncoo roncoo-pay lookupList improper authorization

A vulnerability was determined in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. Affected is an unknown function of the file /user/info/lookupList. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly...

CVSS 6.9 | EPSS 0.00039
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/26 12:00 a.m. | 2 views

PT-2025-39472

Name of the Vulnerable Software and Affected Versions: roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40. Description: An issue exists in roncoo-pay where manipulation of an unknown function within the /user/info/lookupList file can lead to improper authorization. This issue can ...

CVSS 6.9 | AI score 5 | EPSS 0.00039
Exploits: 0 | References: 7

CVE
added 2025/09/25 1:02 p.m. | 8 views

CVE-2025-10946

CVE-2025-10946 affects nuz007 smsboom; the vulnerability is in an unknown function within dy.php where manipulating the hm argument triggers cross-site scripting. Remote exploitation is possible. The product uses rolling releases, so no specific affected/updated version details are provided in th...

CVSS 5.1 | AI score 4.1 | EPSS 0.00029
Exploits: 0 | References: 4

RedhatCVE
added 2025/09/25 2:54 a.m. | 3 views

CVE-2025-10841

A security vulnerability has been detected in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/weweee.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly...

CVSS 9.8 | AI score 7.3 | EPSS 0.00046
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/25 2:54 a.m. | 4 views

CVE-2025-10851

A security flaw has been discovered in Campcodes Gym Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been released ...

CVSS 9.8 | AI score 7.4 | EPSS 0.00046
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/25 12:00 a.m. | 2 views

PT-2025-39368

Name of the Vulnerable Software and Affected Versions: nuz007 smsboom versions prior to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Description: A flaw exists in nuz007 smsboom. Manipulation of the hm argument in an unknown function within the dy.php file can lead to cross-site scripting. Remote...

CVSS 5.1 | AI score 3.5 | EPSS 0.00029
Exploits: 0 | References: 7

Cvelist
added 2025/09/22 7:02 p.m. | 6 views

CVE-2025-10811 code-projects Hostel Management System index.php sql injection

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | EPSS 0.00046
Exploits: 1 | References: 5

OSV
added 2025/09/22 8:15 a.m. | 0 views

CVE-2025-10789

A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteslide.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly availab...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 5

NVD
added 2025/09/20 12:15 p.m. | 1 view

CVE-2025-10741

A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The...

CVSS 6.5 | EPSS 0.00059
Exploits: 0 | References: 5

RedhatCVE
added 2025/09/20 1:57 a.m. | 5 views

CVE-2025-10642

A vulnerability has been found in wangchenyi1996 chatforum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a...

CVSS 5.1 | AI score 3.6 | EPSS 0.00042
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/19 8:37 p.m. | 5 views

CVE-2025-10616

A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVSS 8.8 | AI score 6.7 | EPSS 0.00096
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/19 6:30 p.m. | 3 views

CVE-2025-10607

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used...

CVSS 6.5 | AI score 6.3 | EPSS 0.00053
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/19 12:00 a.m. | 3 views

PT-2025-38525

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions through 3.8.2. Description: A weakness exists in JeecgBoot that may lead to improper authorization. The issue affects an unknown function within the /message/sysMessageTemplate/sendMsg file. The exploit for this issue has been...

CVSS 6.5 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 8

Vulnrichment
added 2025/09/17 10:32 p.m. | 2 views

CVE-2025-10623 SourceCodester Hotel Reservation System deleteuser.php sql injection

A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and...

CVSS 7.5 | AI score 7.3 | EPSS 0.0006
Exploits: 1 | References: 5

NVD
added 2025/09/17 9:15 p.m. | 2 views

CVE-2025-10616

A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVSS 8.8 | EPSS 0.00096
Exploits: 1 | References: 5