CVE-2025-9681 O2OA Personal Profile agent cross site scripting
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross-site scripting. The attack can be launched remotely. The exploit has been published and may be use...
PT-2025-35380
Name of the Vulnerable Software and Affected Versions: SourceCodester Water Billing System version 1.0 Description: A security flaw has been discovered that may allow for remote exploitation. The manipulation of the ID argument in the /viewbill.php file results in SQL injection. The exploit has...
PT-2025-35356
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A weakness exists in Portabilis i-Educar up to version 2.10 due to improper authorization. This issue is related to an unknown function within the /module/HistoricoEscolar/processamentoApi...
CVE-2025-9676
CVE-2025-9676 affects NCSOFT Universe App (versions up to 1.3.0) due to improper export of AndroidManifest.xml in the com.ncsoft.universeapp component. Root cause: exported Android components not restricted, enabling local attack. Exploit is publicly available; no remote vector. A fix is availabl...
CVE-2025-9672
The CVE-2025-9672 entry affects Rejseplanen App (package de.hafas.android.rejseplanen) up to version 8.2.2. The vulnerability arises from an improper export of AndroidManifest.xml components in the app, enabling a local attack. Public exploit details exist, and there was no response from the vend...
DEBIAN-CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-9658
CVE-2025-9658 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component where an unknown function in the file path /x_portal_assemble_designer/jaxrs/dict/ allows manipulating the parameter name/alias/description. This leads to cross-site scripting, with remote exploita...
CVE-2025-9619
A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The...
PT-2025-35246
Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A flaw has been found in O2OA that allows for cross-site scripting. The issue is related to the manipulation of the argument name/alias/description within an unknown function of the file /x portal...
PT-2025-35169
Name of the Vulnerable Software and Affected Versions: coze-studio versions up to 0.2.4 Description: A vulnerability exists due to the use of hard-coded cryptographic keys. The issue is located in an unknown function within the backend/domain/plugin/encrypt/aes.go file. Manipulation of the...
PT-2025-35252
Name of the Vulnerable Software and Affected Versions: Simple Grading System version 1.0 Description: A SQL injection issue exists in the Admin Panel component of the software, specifically within the /login.php file and an unknown function. This allows for remote execution of malicious code. The...
PT-2025-35186
Name of the Vulnerable Software and Affected Versions: E4 Sistemas Mercatus ERP version 2.00.019 Description: A security flaw exists in E4 Sistemas Mercatus ERP 2.00.019, involving improper control of resource identifiers due to manipulation of an unknown function within the...
CVE-2025-9594
A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complaininfo.php. The manipulation of the argument vid leads to SQL injection. The attack can be carried out remotely. The exploit has been...
PT-2025-35143
Name of the Vulnerable Software and Affected Versions: Cudy WR1200EA version 2.3.7-20250113-121810 Description: A vulnerability exists in Cudy WR1200EA that allows for the use of a default password. The issue affects an unknown function within the /etc/shadow file. Exploitation requires local acces...
CVE-2025-9532
A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor...
CVE-2025-9532
Portabilis i-Educar up to version 2.10 contains a SQL injection in the RegraAvaliacao/view path triggered by manipulating the ID parameter. The flaw is exploitable remotely and has published proof-of-concept materials in public references. Multiple sources (Red Hat, NVD, CVE lists, and vendor-foc...
CVE-2025-9514
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...
CVE-2025-9514 macrozheng mall Registration weak password
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...
PT-2025-34834
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue has been identified in itsourcecode Apartment Management System version 1.0. The vulnerability is due to SQL injection in the /branch/addbranch.php file...