Lucene search
782 matches found

NVD
added 2025/08/18 6:15 a.m. · 2 views

CVE-2025-9108

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...

CVSS 5.3 · EPSS 0.00043
Exploits: 0 · References: 3

Cvelist
added 2025/08/18 5:32 a.m. · 10 views

CVE-2025-9108 Portabilis i-Diario Login Page ui layer

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...

CVSS 5.3 · EPSS 0.00043
Exploits: 0 · References: 3

CVE
added 2025/08/18 5:32 a.m. · 13 views

CVE-2025-9108

CVE-2025-9108 affects Portabilis i-Diário’s Login Page UI layer. The root cause is an issue with improper restriction of rendered UI layers caused by manipulation of an unknown function, enabling remote exploitation. The PT-2025-33637 entry notes the vulnerable component and that exploit can be p...

CVSS 5.3 · AI score 7.2 · EPSS 0.00043
Exploits: 0 · References: 3

Cvelist
added 2025/08/18 5:2 a.m. · 10 views

CVE-2025-9107 Portabilis i-Diario search_autocomplete cross site scripting

A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/searchautocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly...

CVSS 5.3 · EPSS 0.00085
Exploits: 1 · References: 5

Positive Technologies
added 2025/08/18 12:0 a.m. · 4 views

PT-2025-33637 · Portabilis · I-Diario

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified.

Description: The component Login Page contains an issue with improper restriction of rendered UI layers due to manipulation of an unknown function. This issue can be...

CVSS 5.3 · AI score 4.4 · EPSS 0.00043
Exploits: 0 · References: 7

Cvelist
added 2025/08/17 2:32 a.m. · 8 views

CVE-2025-9091 Tenda AC20 shadow hard-coded credentials

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...

CVSS 2.5 · EPSS 0.00026
Exploits: 1 · References: 6

RedhatCVE
added 2025/08/16 4:11 p.m. · 2 views

CVE-2025-8967

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

CVSS 9.8 · AI score 7.7 · EPSS 0.00072
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/16 3:31 a.m. · 4 views

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

CVSS 8.8 · AI score 7.7 · EPSS 0.00092
Exploits: 1 · References: 1

NVD
added 2025/08/14 11:15 a.m. · 0 views

CVE-2025-8957

A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departureairportid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 9.8 · EPSS 0.00088
Exploits: 0 · References: 6

Cvelist
added 2025/08/14 8:2 a.m. · 6 views

CVE-2025-8951 PHPGurukul Teachers Record Management System search.php sql injection

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

CVSS 7.5 · EPSS 0.00075
Exploits: 1 · References: 5

Cvelist
added 2025/08/14 4:2 a.m. · 6 views

CVE-2025-8934 1000 Projects Sales Management System sales.php cross site scripting

A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS 5.3 · EPSS 0.00101
Exploits: 1 · References: 5

CVE
added 2025/08/13 7:2 p.m. · 10 views

CVE-2025-8925

CVE-2025-8925 affects itsourcecode Sports Management System 1.0. The vulnerability is an SQL injection in /Admin/match.php caused by unsafely handling the code parameter, enabling remote exploitation and unauthorized data access. Exploit details have been publicly disclosed. No official fix/versi...

CVSS 9.8 · AI score 7.8 · EPSS 0.00075
Exploits: 1 · References: 5 · Affected Software: 1

RedhatCVE
added 2025/08/12 3:35 a.m. · 5 views

CVE-2025-8792

A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

CVSS 5.3 · AI score 7 · EPSS 0.00082
Exploits: 1 · References: 1

Cvelist
added 2025/08/11 9:32 a.m. · 7 views

CVE-2025-8840 jshERP Endpoint deleteBatch improper authorization

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 5.5 · EPSS 0.00092
Exploits: 1 · References: 5

Cvelist
added 2025/08/11 6:32 a.m. · 7 views

CVE-2025-8834 JCG Link-net LW-N915R Wireless Basic Settings basic.asp cross site scripting

A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack...

CVSS 4.8 · EPSS 0.0004
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/11 12:0 a.m. · 1 views

PT-2025-32534 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP versions prior to 3.6

Description: A vulnerability exists in jshERP up to version 3.5. An unknown function within the file /jshERP-boot/user/deleteBatch of the Endpoint component is affected. Manipulation of the argument ids leads to...

CVSS 5.5 · AI score 5.3 · EPSS 0.00092
Exploits: 1 · References: 10

NVD
added 2025/08/10 4:15 p.m. · 3 views

CVE-2025-8815

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack...

CVSS 9.8 · EPSS 0.00535
Exploits: 1 · References: 4

Cvelist
added 2025/08/10 3:32 p.m. · 8 views

CVE-2025-8815 猫宁i Morning Shiro Configuration index path traversal

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack...

CVSS 7.5 · EPSS 0.00535
Exploits: 1 · References: 4

CVE
added 2025/08/10 7:2 a.m. · 14 views

CVE-2025-8798

The CVE-2025-8798 entry concerns oitcode samarium versions up to 0.9.6. The vulnerability is an unrestricted file upload in the /dashboard/product area of the Create Product Page component. The underlying issue allows a remote attacker to upload arbitrary files, with exploitation being publicly d...

CVSS 7.5 · AI score 7.1 · EPSS 0.00076
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2025/08/10 3:32 a.m. · 14 views

CVE-2025-8792

LitmusChaos (Litmus) up to version 3.19.0 is affected by a vulnerability described as a client‑side enforcement of server‑side security due to an issue in an unknown function. The vulnerability can be exploited remotely, and public exploitation has been disclosed. Multiple sources corroborate the...

CVSS 5.3 · AI score 7 · EPSS 0.00082
Exploits: 1 · References: 4 · Affected Software: 1