Lucene search

821 matches found

Cvelist
added 2025/09/01 6:32 a.m., 8 views

CVE-2025-9766 itsourcecode Sports Management System facilitator.php sql injection

A vulnerability was found in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/facilitator.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 7.5, EPSS 0.0055
Exploits: 1, References: 5

Cvelist
added 2025/09/01 6:2 a.m., 7 views

CVE-2025-9765 itsourcecode Sports Management System tournament_details.php sql injection

A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

CVSS 7.5, EPSS 0.00387
Exploits: 1, References: 5

Cvelist
added 2025/09/01 1:32 a.m., 8 views

CVE-2025-9755 Khanakag-17 Library Management System index.php cross site scripting

A vulnerability has been found in Khanakag-17 Library Management System up to 60ed174506094dcd166e34904a54288e5d10ff24. This affects an unknown function of the file /index.php. The manipulation of the argument msg leads to cross site scripting. Remote exploitation of the attack is possible. The...

CVSS 5.3, EPSS 0.00359
Exploits: 1, References: 4

RedhatCVE
added 2025/08/31 7:10 p.m., 2 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9, AI score 6.9, EPSS 0.00461
Exploits: 0, References: 1

RedhatCVE
added 2025/08/31 4:27 p.m., 3 views

CVE-2025-9659

A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /xportalassembledesigner/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been...

CVSS 5.4, AI score 5.6, EPSS 0.00245
Exploits: 1, References: 1

CVE
added 2025/08/31 3:2 p.m., 14 views

CVE-2025-9734

O2OA up to version 10.0-410 contains a cross-site scripting vulnerability in the Personal Profile Page component, triggered by manipulating the name/alias/description/applicationName arguments in the file path /x_query_assemble_designer/jaxrs/stat. The issue is exploitable remotely and, per sourc...

CVSS 5.4, AI score 5.5, EPSS 0.00302
Exploits: 1, References: 6, Affected Software: 1

Debian CVE
added 2025/08/31 2:2 p.m., 5 views

CVE-2025-9732

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is...

CVSS 7.8, AI score 5.1, EPSS 0.00158
Exploits: 0

OSV
added 2025/08/31 8:15 a.m., 3 views

CVE-2025-9721

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

CVSS 5.4, AI score 5.6, EPSS 0.00217
Exploits: 0, References: 5

NVD
added 2025/08/31 8:15 a.m., 2 views

CVE-2025-9721

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

CVSS 5.4, EPSS 0.00217
Exploits: 0, References: 5

Cvelist
added 2025/08/31 7:32 a.m., 8 views

CVE-2025-9721 Portabilis i-Educar edit cross site scripting

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

CVSS 5.1, EPSS 0.00217
Exploits: 0, References: 5

RedhatCVE
added 2025/08/31 4:5 a.m., 1 views

CVE-2025-9619

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVSS 6.9, AI score 6.9, EPSS 0.00347
Exploits: 0, References: 1

Positive Technologies
added 2025/08/31 12:0 a.m., 3 views

PT-2025-35425

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A weakness exists in Campcodes Online Loan Management System that may allow for SQL injection. The issue is located in an unknown function of the file /ajax.php?action=login...

CVSS 9.8, AI score 7.5, EPSS 0.01664
Exploits: 3, References: 11

Positive Technologies
added 2025/08/31 12:0 a.m., 3 views

PT-2025-35395

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A flaw has been found that allows for cross site scripting. The manipulation of the nome/formulaMedia argument in an unknown function of the /module/FormulaMedia/edit file causes this issue...

CVSS 5.4, AI score 3, EPSS 0.00217
Exploits: 0, References: 8

RedhatCVE
added 2025/08/30 6:19 p.m., 3 views

CVE-2025-9492

A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may b...

CVSS 9.8, AI score 7.4, EPSS 0.0051
Exploits: 1, References: 1

RedhatCVE
added 2025/08/30 6:19 p.m., 3 views

CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

CVSS 6.3, AI score 4.8, EPSS 0.00361
Exploits: 0, References: 1

Cvelist
added 2025/08/30 6:2 p.m., 9 views

CVE-2025-9701 SourceCodester Simple Cafe Billing System receipt.php sql injection

A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed...

CVSS 7.5, EPSS 0.00383
Exploits: 1, References: 5

OSV
added 2025/08/30 2:15 p.m., 0 views

CVE-2025-9691

A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 9.8, AI score 5.8, EPSS 0.00379
Exploits: 1, References: 6

NVD
added 2025/08/30 12:15 p.m., 4 views

CVE-2025-9687

A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made availab...

CVSS 8.8, EPSS 0.00351
Exploits: 1, References: 5

Vulnrichment
added 2025/08/30 8:32 a.m., 3 views

CVE-2025-9681 O2OA Personal Profile agent cross site scripting

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be use...

CVSS 5.1, AI score 5.1, EPSS 0.00298
Exploits: 1, References: 7

Positive Technologies
added 2025/08/30 12:0 a.m., 5 views

PT-2025-35356

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A weakness exists in Portabilis i-Educar up to version 2.10 due to improper authorization. This issue is related to an unknown function within the /module/HistoricoEscolar/processamentoApi...

CVSS 8.8, AI score 6, EPSS 0.00351
Exploits: 1, References: 11