CVE-2025-10113

A security vulnerability has been detected in itsourcecode Student Information Management System 1.0. This affects an unknown function of the file /admin/modules/room/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

PT-2025-37267

Name of the Vulnerable Software and Affected Versions: erjinzhi 10OA version 1.0 Description: A vulnerability exists in erjinzhi 10OA version 1.0. The issue involves cross site scripting caused by manipulation of the Name argument in an unknown function of the /trial/mvc/catalogue file. This...

CVE-2025-10097

A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

CVE-2025-10090

A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...

CVE-2025-10074

A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...

CVE-2025-10066

A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...

CVE-2025-10113

A security vulnerability has been detected in itsourcecode Student Information Management System 1.0. This affects an unknown function of the file /admin/modules/room/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

CVE-2025-10112

A weakness has been identified in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/department/index.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The...

CVE-2025-10111 itsourcecode Student Information Management System index.php sql injection

A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/instructor/index.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploi...

SimStudioAI: A function in route.ts is vulnerable to Code Injection

A vulnerability was identified in SimStudioAI sim. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

CVE-2025-10088

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVE-2025-10073

A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10065

A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/domdatath.php. This manipulation of the argument scripts causes cross site scripting. The attack is possible to be...

PT-2025-36407

Name of the Vulnerable Software and Affected Versions: itsourcecode POS Point of Sale System version 1.0 Description: A vulnerability exists in itsourcecode POS Point of Sale System that allows for cross site scripting. The issue is related to manipulation of the scripts argument and impacts an...

CVE-2025-10032

A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be us...

CVE-2025-10012

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educarhistoricoescolarlst.php. Such manipulation of the argument refcodaluno leads to sql injection. The attack can be executed remotely. The exploit has been...

CVE-2025-9848

A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed remotely. The exploit has been disclosed...

CVE-2025-9843

A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2025-9838

A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly availab...

CVE-2025-9806

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...