PT-2025-35860
Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A cross-site scripting issue exists in CodeAstro Real Estate Management System 1.0. The issue is related to the manipulation of the msg argument in the /feature.php file. This c...
PT-2025-35859
Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A security issue exists in CodeAstro Real Estate Management System 1.0. Manipulation of the msg argument in the /propertyview.php file can lead to cross-site scripting. This...
PT-2025-35863
Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A flaw exists in CodeAstro Real Estate Management System 1.0 that allows for unrestricted file upload. The issue is located in the /register.php file and involves manipulation o...
CVE-2025-9794
A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Manipulation of the argument cash/firstname can lead to SQL injection. The attack may be performed remotely. The explo...
CVE-2025-9921
CVE-2025-9921 affects Code-projects POS Pharmacy System 1.0. The vulnerability is a cross-site scripting (XSS) flaw in an unknown function of the file /main/products.php, triggered by manipulating one or more arguments—product_code, gen_name, product_name, or supplier. The issue can be exploited ...
CVE-2025-9848
A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed remotely. The exploit has been disclosed...
CVE-2025-9843
A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-9848
CVE-2025-9848 affects ScriptAndTools Real Estate Management System 1.0. The vulnerability resides in an unknown function within the file /admin/userlist.php, allowing manipulation that results in code execution after redirect. It can be exploited remotely and the exploit has been publicly disclos...
CVE-2025-9841
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack can be carried out remotely. The exploit...
PT-2025-35651
Name of the Vulnerable Software and Affected Versions: ScriptAndTools Real Estate Management System version 1.0 Description: A weakness has been identified in an unknown function of the register.php file, allowing for unrestricted file upload through manipulation of the uimage argument. Remote...
PT-2025-35652
Name of the Vulnerable Software and Affected Versions: ScriptAndTools Real Estate Management System version 1.0 Description: A security issue has been identified in ScriptAndTools Real Estate Management System 1.0. The vulnerability involves an unknown function within the /admin/userlist.php file...
CVE-2025-9731
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...
CVE-2025-9721
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...
CVE-2025-9715
A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /xcmsassemblecontrol/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be launched remotely. The...
PT-2025-35642
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A weakness exists in itsourcecode Sports Management System 1.0. The issue involves SQL injection due to manipulation of the code argument within an unknown function of the...
CVE-2025-9794
CVE-2025-9794 affects Campcodes Computer Sales and Inventory System 1.0. A SQL injection vulnerability exists in the /pages/pos_transac.php?action=add endpoint, exploitable by manipulating the cash/firstname parameter. Attacks may be performed remotely, and multiple parameters could be affected. ...
CVE-2025-9689
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/itemselect. The manipulation of the argument q results in sql injection. It is possible to launch the attack remotely. The exploit is now...
CVE-2025-9687
A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made availab...
CVE-2025-9775 RemoteClinic edit-my-profile.php unrestricted upload
A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used...