792 matches found
CVE-2025-9236
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartipousuariolst.php of the component Tipos de usuário Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a...
CVE-2025-9237
CodeAstro Ecommerce Website 1.0 is affected by a cross-site scripting (XSS) issue in the Edit Your Account Page, specifically via manipulation of the Username parameter in /customer/my_account.php?edit_account. The vulnerability originates from an unknown function in that page; exploitation can b...
CVE-2025-9235
A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compoundevents.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2025-9234
The CVE-2025-9234 issue affects Scada-LTS prior to 2.7.8.2. The vulnerability is a cross-site scripting (XSS) flaw arising from improper handling of the Alias parameter in maintenance_events.shtm, allowing remote attacker-controlled input to be executed in users’ browsers. Multiple sources confir...
CVE-2025-9108
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...
PT-2025-34137 · Scada-Lts · Scada-Lts
Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A flaw has been found in Scada-LTS. The impacted element is an unknown function of the file compound events.shtm. Manipulation of the argument Name causes cross site scripting. The attack is...
CVE-2025-9170
SolidInvoice up to 2.4.0 has a cross-site scripting vulnerability in the Tax Rates Module, affecting an unknown function in /tax/rates where manipulating the Name parameter enables remote exploitation. Public PoC/exploitation steps are linked in multiple sources. Remediation provided in connected...
CVE-2025-9156 itsourcecode Sports Management System sports.php sql injection
A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public...
CVE-2025-9138
Summary of CVE-2025-9138 (Scada-LTS 2.7.8.1): A cross-site scripting vulnerability exists in the file path pointHierarchy/new/ where manipulation of the Title argument can trigger XSS. The issue appears to be exploitable remotely and the exploit has been made public. Public documents consistentl...
PT-2025-33882 · Unknown · Solidinvoice
Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue is located in an unknown function within the /tax/rates file of the Tax Rates Module. Manipulation of the...
CVE-2025-9108 Portabilis i-Diario Login Page ui layer
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...
CVE-2025-9108
CVE-2025-9108 affects Portabilis i-Diário’s Login Page UI layer. The root cause is an issue with improper restriction of rendered UI layers caused by manipulation of an unknown function, enabling remote exploitation. The PT-2025-33637 entry notes the vulnerable component and that exploit can be p...
CVE-2025-9107 Portabilis i-Diario search_autocomplete cross site scripting
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly...
PT-2025-33637 · Portabilis · I-Diario
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The component Login Page contains an issue with improper restriction of rendered UI layers due to manipulation of an unknown function. This issue can be...
CVE-2025-9091 Tenda AC20 shadow hard-coded credentials
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...
CVE-2025-8967
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-8931
A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2025-8957
A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departureairportid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2025-8951 PHPGurukul Teachers Record Management System search.php sql injection
A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...