821 matches found
Projectworlds Expense Management System security vulnerability
Projectworlds Expense Management System is an open source expense management system from Projectworlds. A security vulnerability exists in Projectworlds Expense Management System version 1.0, which stems from misuse of an unknown function in the file /public/admin/currencies/create, and could lea...
Code-Projects Client Details System security vulnerability
Client Details System is a client information system. An authorization bypass vulnerability exists in Client Details System that stems from an authorization bypass of an unknown function and can be exploited by an attacker to compromise confidentiality...
LearnHouse security vulnerability
LearnHouse is an online learning management system open-sourced by LearnHouse. LearnHouse has a security vulnerability that originates from a cross-site scripting vulnerability in an unknown function in file /dash/org/settings/previews...
CVE-2025-11853
The CVE concerns Teedy (Sismics Teedy) up to 1.11, affecting the API’s /api/file endpoint. The root cause is improper access controls in the API Endpoint file, enabling a remote attacker to manipulate access. Public exploit discussion is noted, and the vulnerability is exploitable without user in...
PT-2025-41753
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0. Description: A security flaw exists in SourceCodester Best Salon Management System 1.0. The issue is a SQL injection impacting an unknown function within the /booking.php file. The serv id...
Social Network Website SQL injection vulnerability
Social Network Website is a simple social networking website by Pynch Personal Developers. Social Network Website suffers from a SQL injection vulnerability that stems from incorrect manipulation of an unknown function in the component Search, which could lead to an SQL injection attack...
CVE-2025-11583
A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
EUVD-2025-33262
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly...
EUVD-2025-33271
A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplieradd.php. Executing manipulation of the argument suppemail can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-11506
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The...
CVE-2025-11507
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made...
CVE-2025-11408
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be...
CVE-2025-11351
A weakness has been identified in code-projects Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/editpicexec.php. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has...
PT-2025-41238
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A security flaw exists in JhumanJ OpnForm. The issue involves an unknown function within the component’s API Endpoint and can lead to cross-site request forgery. The attack can be initiated...
EUVD-2025-32885
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be...
CVE-2025-11408 D-Link DI-7001 MINI dbsrv.asp buffer overflow
A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be...
EUVD-2025-32854
A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The impacted element is an unknown function of the file /profile.php of the component Profile Page. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be launched...
EUVD-2025-32710
A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used...
EUVD-2025-32701
A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...
EUVD-2025-32607
A weakness has been identified in code-projects Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/editpicexec.php. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has...