CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...
PT-2025-29466 · Unknown · Simple Php Shopping Cart
Name of the Vulnerable Software and Affected Versions: Simple Shopping Cart version 1.0 Description: A critical issue exists in the processing of the /Customers/save order.php file. Manipulation of the order price argument can lead to SQL injection. This issue may be exploited remotely, and detai...
PT-2025-28146 · Unknown · Campcodes Complaint Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complaint Management System version 1.0 Description: A critical issue has been identified, affecting the /admin/index.php file, where manipulation of the Username argument leads to SQL injection. This issue can be exploited remotely...
PT-2025-29424 · Lb Link · Lb-Link Bl-Ac3600 +5
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC1900, BL-AC2100 AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000 versions up to 20250702 Description: A critical vulnerability exists in the Web Interface component of the affected devices. The vulnerability is related to the...
PT-2025-27558 · Unknown · Campcodes Employee Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Employee Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file /myprofileup.php. The manipulation of the ID argument leads to SQL injection. It is possible to...
PT-2025-27270 · Marvell · Marvell Qconvergeconsole
Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. The specific flaw exists within the implementation of th...
PT-2025-28077 · Belkin · Belkin F9K1122
Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue has been found in the Belkin F9K1122, affecting the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to OS command injection...
PT-2025-28084 · Belkin · Belkin F9K1122
Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical vulnerability has been found in the function formConnectionSetting of the file /goform/formConnectionSetting of the component webs. The manipulation of the argument max Conn/timeOut leads...
PT-2025-23918 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0 Description: A critical issue has been discovered, affecting the file /admin/edit-category.php. The manipulation of the description argument leads to SQL injection. This issue can be exploite...
PT-2025-23550 · Weblaudos · Weblaudos
Name of the Vulnerable Software and Affected Versions: WebLaudos version 24.2 04 Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the id parameter. This enables the attacker to access confidential data. Recommendations: For WebLaudos version 24...
PT-2025-23228 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.8.0 through 0.9.0 Description: The vLLM backend used with the "/v1/chat/completions" API endpoint fails to validate unexpected or malformed input in the pattern and type fields when the tools functionality is invoked. These...
PT-2025-22951 · Unknown · Campcodes Online Hospital Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Hospital Management System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown function of the file /admin/add-doctor.php. The manipulation of the Doctorspecialization argument...
PT-2025-22901 · Gestnet · Gestnet
Name of the Vulnerable Software and Affected Versions: Gestnet version 1.07 Description: This issue allows an attacker to retrieve, create, update, and delete databases via the fk remoto central parameter on the "/webservices/articles.php" endpoint. Recommendations: For Gestnet version 1.07, as a...
PT-2025-22849 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505 Description: A problematic vulnerability was found in the Buy Item Page component of Tmall Demo, allowing for cross-site scripting through the manipulation of the Detailed Address argument. This issue can be exploite...
PT-2025-21836 · Unknown · Sourcecodester Restaurant Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Restaurant Management System version 1.0 Description: A critical issue affects the processing of the file "/admin/member save.php". The manipulation of the last argument leads to SQL injection. The attack may be initiated remotel...
PT-2025-21600 · Xu Yijie · Grpo-Flat
Name of the Vulnerable Software and Affected Versions: XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856 Description: A vulnerability has been found in the function main of the file grpo vanilla.py. The manipulation leads to deserialization. Local access is required to approach th...
PT-2025-26267 · Totolink · Totolink N150Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A critical issue has been discovered, affecting an unknown part of the file /boa/formWSC. The manipulation of the targetAPSsid argument leads to OS command injection. This issue can be...
PT-2025-20602 · WordPress · Wpforms
Name of the Vulnerable Software and Affected Versions: WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress versions up to, and including, 1.9.5 Description: The issue is related to Stored Cross-Site Scripting via the start timestamp...
PT-2025-20456 · D Link · D-Link Dir-619L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 2.04B04 Description: A critical issue affects the formSysCmd function, where manipulation of the sysCmd argument leads to command injection. This can be initiated remotely. The vendor was contacted about this disclosur...
PT-2025-19833 · Unknown · Sourcecodester Advanced Web Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Advanced Web Store version 1.0 Description: A critical vulnerability was found in SourceCodester Advanced Web Store. The issue affects an unknown function of the file /admin/admin addnew product.php. The manipulation of the...