CVE-2025-9848
CVE-2025-9848 affects ScriptAndTools Real Estate Management System 1.0. The vulnerability resides in an unknown function within the file /admin/userlist.php, allowing manipulation that results in code execution after redirect. It can be exploited remotely and the exploit has been publicly disclos...
CVE-2025-9841
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack can be carried out remotely. The exploit...
PT-2025-35652
Name of the Vulnerable Software and Affected Versions: ScriptAndTools Real Estate Management System version 1.0 Description: A security issue has been identified in ScriptAndTools Real Estate Management System 1.0. The vulnerability involves an unknown function within the /admin/userlist.php file...
PT-2025-35651
Name of the Vulnerable Software and Affected Versions: ScriptAndTools Real Estate Management System version 1.0 Description: A weakness has been identified in an unknown function of the register.php file, allowing for unrestricted file upload through manipulation of the uimage argument. Remote...
CVE-2025-9731
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...
CVE-2025-9721
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross-site scripting. It is possible to initiate the attack remotely. The exploit has been publish...
CVE-2025-9715
A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /xcmsassemblecontrol/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross-site scripting. The attack can be launched remotely. The...
PT-2025-35642
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A weakness exists in itsourcecode Sports Management System 1.0. The issue involves SQL injection due to manipulation of the code argument within an unknown function of the...
CVE-2025-9794
CVE-2025-9794 affects Campcodes Computer Sales and Inventory System 1.0. A SQL injection vulnerability exists in the /pages/pos_transac.php?action=add endpoint, exploitable by manipulating the cash/firstname parameter. Attacks may be performed remotely, and multiple parameters could be affected. ...
CVE-2025-9689
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/itemselect. The manipulation of the argument q results in SQL injection. It is possible to launch the attack remotely. The exploit is now...
CVE-2025-9687
A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made availab...
CVE-2025-9775 RemoteClinic edit-my-profile.php unrestricted upload
A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2025-9766 itsourcecode Sports Management System facilitator.php SQL injection
A vulnerability was found in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/facilitator.php. Performing manipulation of the argument code results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made...
CVE-2025-9765 itsourcecode Sports Management System tournament_details.php SQL injection
A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to th...
CVE-2025-9755 Khanakag-17 Library Management System index.php cross-site scripting
A vulnerability has been found in Khanakag-17 Library Management System up to 60ed174506094dcd166e34904a54288e5d10ff24. This affects an unknown function of the file /index.php. The manipulation of the argument msg leads to cross-site scripting. Remote exploitation of the attack is possible. The...
CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-9659
A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /xportalassembledesigner/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross-site scripting. The attack can be executed remotely. The exploit has been...
CVE-2025-9734
O2OA up to version 10.0-410 contains a cross-site scripting vulnerability in the Personal Profile Page component, triggered by manipulating the name/alias/description/applicationName arguments in the file path /x_query_assemble_designer/jaxrs/stat. The issue is exploitable remotely and, per sourc...
CVE-2025-9732
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is...