
793 matches found

Positive Technologies
added 2025/08/29 12:0 a.m. | 2 views

PT-2025-35246

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A flaw has been found in O2OA that allows for cross site scripting. The issue is related to the manipulation of the argument name/alias/description within an unknown function of the file /x portal...

CVSS 5.1 | AI score 3.3 | EPSS 0.00078
Exploits 1 | References 8

Positive Technologies
added 2025/08/29 12:0 a.m. | 4 views

PT-2025-35169

Name of the Vulnerable Software and Affected Versions: coze-studio versions up to 0.2.4 Description: A vulnerability exists due to the use of hard-coded cryptographic keys. The issue is located in an unknown function within the backend/domain/plugin/encrypt/aes.go file. Manipulation of the...

CVSS 6.3 | AI score 4.2 | EPSS 0.00044
Exploits 0 | References 10

Positive Technologies
added 2025/08/29 12:0 a.m. | 2 views

PT-2025-35252

Name of the Vulnerable Software and Affected Versions: Simple Grading System version 1.0 Description: A SQL injection issue exists in the Admin Panel component of the software, specifically within the /login.php file and an unknown function. This allows for remote execution of malicious code. The...

CVSS 7.5 | AI score 7.6 | EPSS 0.00066
Exploits 1 | References 7

Positive Technologies
added 2025/08/29 12:0 a.m. | 2 views

PT-2025-35186

Name of the Vulnerable Software and Affected Versions: E4 Sistemas Mercatus ERP version 2.00.019 Description: A security flaw exists in E4 Sistemas Mercatus ERP 2.00.019, involving improper control of resource identifiers due to manipulation of an unknown function within the...

CVSS 6.9 | AI score 5 | EPSS 0.00041
Exploits 0 | References 8

NVD
added 2025/08/28 11:15 p.m. | 2 views

CVE-2025-9594

A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complaininfo.php. The manipulation of the argument vid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 9.8 | EPSS 0.0009
Exploits 1 | References 5

Positive Technologies
added 2025/08/28 12:0 a.m. | 2 views

PT-2025-35143

Name of the Vulnerable Software and Affected Versions: Cudy WR1200EA version 2.3.7-20250113-121810 Description: A vulnerability exists in Cudy WR1200EA that allows for the use of a default password. The issue affects an unknown function within the /etc/shadow file. Exploitation requires local acces...

CVSS 2.5 | AI score 3.4 | EPSS 0.00022
Exploits 0 | References 9

OSV
added 2025/08/27 2:15 p.m. | 2 views

CVE-2025-9532

A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor...

CVSS 8.8 | AI score 7 | EPSS 0.00093
Exploits 1 | References 7

CVE
added 2025/08/27 2:2 p.m. | 18 views

CVE-2025-9532

Portabilis i-Educar up to version 2.10 contains a SQL injection in the RegraAvaliacao/view path triggered by manipulating the ID parameter. The flaw is exploitable remotely and has published proof-of-concept materials in public references. Multiple sources (Red Hat, NVD, CVE lists, and vendor-foc...

CVSS 8.8 | AI score 6.6 | EPSS 0.00093
Exploits 1 | References 7 | Affected Software 1

NVD
added 2025/08/27 6:15 a.m. | 2 views

CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

CVSS 6.3 | EPSS 0.00048
Exploits 0 | References 4

Cvelist
added 2025/08/27 6:2 a.m. | 4 views

CVE-2025-9514 macrozheng mall Registration weak password

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

CVSS 6.3 | EPSS 0.00048
Exploits 0 | References 4

Positive Technologies
added 2025/08/27 12:0 a.m. | 2 views

PT-2025-34834

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue has been identified in itsourcecode Apartment Management System version 1.0. The vulnerability is due to SQL injection in the /branch/addbranch.php file...

CVSS 9.8 | AI score 7.2 | EPSS 0.0009
Exploits 1 | References 11

RedhatCVE
added 2025/08/26 1:14 p.m. | 3 views

CVE-2025-9388

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watchlist.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

CVSS 5.4 | AI score 6.5 | EPSS 0.0006
Exploits 1 | References 1

NVD
added 2025/08/26 2:15 a.m. | 1 views

CVE-2025-9434

A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...

CVSS 6.1 | EPSS 0.00086
Exploits 1 | References 4

CVE
added 2025/08/26 1:32 a.m. | 10 views

CVE-2025-9438

CVE-2025-9438 affects 1000projects Online Project Report Submission and Evaluation System version 1.0. The vulnerability is a cross-site scripting flaw triggered by manipulating the address argument in the /admin/add_student.php function/file. It can be exploited remotely, and public exploits hav...

CVSS 6.1 | AI score 6.5 | EPSS 0.00086
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2025/08/26 12:2 a.m. | 8 views

CVE-2025-9431 mtons mblog search cross site scripting

A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 5.3 | EPSS 0.00063
Exploits 1 | References 4

Positive Technologies
added 2025/08/26 12:0 a.m. | 3 views

PT-2025-34736

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in an unknown functionality of the file /fund/add fund.php. Manipulation of the ID argument can trigger the issue, allowing for remote attacks. The...

CVSS 7.5 | AI score 7.5 | EPSS 0.00066
Exploits 1 | References 10

CVE
added 2025/08/25 9:32 p.m. | 10 views

CVE-2025-9420

Itsourcecode Apartment Management System 1.0 is affected. The vulnerability resides in the file /floor/addfloor.php where manipulation of the hdnid parameter enables a SQL injection. The attack is exploitable remotely and, per linked advisories, the exploit has been published. Some sources recomm...

CVSS 9.8 | AI score 7.5 | EPSS 0.00066
Exploits 1 | References 5 | Affected Software 1

CVE
added 2025/08/25 9:2 p.m. | 9 views

CVE-2025-9419

The CVE concerns itsourcecode Apartment Management System 1.0. The vulnerability is a SQL injection in /unit/addunit.php triggered by manipulating the ID parameter, exploitable remotely, with a publicly available exploit. Impact in the sources ranges from partial to high confidentiality, integrit...

CVSS 9.8 | AI score 7.6 | EPSS 0.00066
Exploits 1 | References 5 | Affected Software 1

RedhatCVE
added 2025/08/22 6:26 p.m. | 4 views

CVE-2025-9238

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to...

CVSS 7.5 | AI score 7.4 | EPSS 0.00051
Exploits 0 | References 1

RedhatCVE
added 2025/08/21 8:36 p.m. | 5 views

CVE-2025-9156

A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public...

CVSS 9.8 | AI score 7.9 | EPSS 0.00072
Exploits 1 | References 1