792 matches found

OSV
added 2025/08/31 8:15 a.m. | 1 views

CVE-2025-9721

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

CVSS 5.4 | AI score 5.6 | EPSS 0.00047
Exploits: 0 | References: 5
Cvelist
added 2025/08/31 7:32 a.m. | 6 views

CVE-2025-9721 Portabilis i-Educar edit cross site scripting

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

CVSS 5.1 | EPSS 0.00047
Exploits: 0 | References: 5
RedhatCVE
added 2025/08/31 4:5 a.m. | 1 views

CVE-2025-9619

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVSS 6.9 | AI score 6.9 | EPSS 0.00041
Exploits: 0 | References: 1
Positive Technologies
added 2025/08/31 12:0 a.m. | 2 views

PT-2025-35425

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A weakness exists in Campcodes Online Loan Management System that may allow for SQL injection. The issue is located in an unknown function of the file /ajax.php?action=login...

CVSS 9.8 | AI score 7.5 | EPSS 0.0094
Exploits: 3 | References: 11
Positive Technologies
added 2025/08/31 12:0 a.m. | 3 views

PT-2025-35395

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A flaw has been found that allows for cross site scripting. The manipulation of the nome/formulaMedia argument in an unknown function of the /module/FormulaMedia/edit file causes this issue...

CVSS 5.4 | AI score 3 | EPSS 0.00047
Exploits: 0 | References: 8
RedhatCVE
added 2025/08/30 6:19 p.m. | 3 views

CVE-2025-9492

A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may b...

CVSS 9.8 | AI score 7.4 | EPSS 0.0009
Exploits: 1 | References: 1
RedhatCVE
added 2025/08/30 6:19 p.m. | 3 views

CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

CVSS 6.3 | AI score 4.8 | EPSS 0.00048
Exploits: 0 | References: 1
Cvelist
added 2025/08/30 6:2 p.m. | 7 views

CVE-2025-9701 SourceCodester Simple Cafe Billing System receipt.php sql injection

A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed...

CVSS 7.5 | EPSS 0.00066
Exploits: 1 | References: 5
OSV
added 2025/08/30 2:15 p.m. | 0 views

CVE-2025-9691

A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 6
NVD
added 2025/08/30 12:15 p.m. | 2 views

CVE-2025-9687

A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made availab...

CVSS 8.8 | EPSS 0.00092
Exploits: 1 | References: 5
Vulnrichment
added 2025/08/30 8:32 a.m. | 3 views

CVE-2025-9681 O2OA Personal Profile agent cross site scripting

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be use...

CVSS 5.1 | AI score 5.1 | EPSS 0.00083
Exploits: 1 | References: 7
Positive Technologies
added 2025/08/30 12:0 a.m. | 3 views

PT-2025-35380

Name of the Vulnerable Software and Affected Versions: SourceCodester Water Billing System version 1.0 Description: A security flaw has been discovered that may allow for remote exploitation. The manipulation of the ID argument in the /viewbill.php file results in SQL injection. The exploit has...

CVSS 7.5 | AI score 7.4 | EPSS 0.00066
Exploits: 1 | References: 10
Positive Technologies
added 2025/08/30 12:0 a.m. | 3 views

PT-2025-35356

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A weakness exists in Portabilis i-Educar up to version 2.10 due to improper authorization. This issue is related to an unknown function within the /module/HistoricoEscolar/processamentoApi...

CVSS 8.8 | AI score 6 | EPSS 0.00092
Exploits: 1 | References: 11
CVE
added 2025/08/29 9:2 p.m. | 12 views

CVE-2025-9676

CVE-2025-9676 affects NCSOFT Universe App (versions up to 1.3.0) due to improper export of AndroidManifest.xml in the com.ncsoft.universeapp component. Root cause: exported Android components not restricted, enabling local attack. Exploit is publicly available; no remote vector. A fix is availabl...

CVSS 5.5 | AI score 5.5 | EPSS 0.00043
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2025/08/29 8:2 p.m. | 8 views

CVE-2025-9672

The CVE-2025-9672 entry affects Rejseplanen App (package de.hafas.android.rejseplanen) up to version 8.2.2. The vulnerability arises from an improper export of AndroidManifest.xml components in the app, enabling a local attack. Public exploit details exist, and there was no response from the vend...

CVSS 5.3 | AI score 5.3 | EPSS 0.00022
Exploits: 0 | References: 5
OSV
added 2025/08/29 7:15 p.m. | 1 views

DEBIAN-CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1
OSV
added 2025/08/29 7:15 p.m. | 2 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | AI score 7
Exploits: 0 | References: 5
CVE
added 2025/08/29 4:2 p.m. | 11 views

CVE-2025-9658

CVE-2025-9658 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component where an unknown function in the file path /x_portal_assemble_designer/jaxrs/dict/ allows manipulating the parameter name/alias/description. This leads to cross-site scripting, with remote exploita...

CVSS 5.4 | AI score 5.1 | EPSS 0.00078
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2025/08/29 4:16 a.m. | 1 views

CVE-2025-9619

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVSS 6.9 | EPSS 0.00041
Exploits: 0 | References: 3
Positive Technologies
added 2025/08/29 12:0 a.m. | 2 views

PT-2025-35246

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A flaw has been found in O2OA that allows for cross site scripting. The issue is related to the manipulation of the argument name/alias/description within an unknown function of the file /x portal...

CVSS 5.1 | AI score 3.3 | EPSS 0.00078
Exploits: 1 | References: 8