VulDB Recent Entries

A vulnerability was found in itsourcecode Sports Management System 1.0. It has been rated as critical. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. The identification of this vulnerability is CVE-2025-9596. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Student Information Management System 1.0. It has been declared as problematic. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. This vulnerability was named CVE-2025-9595. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. The affected element is an unknown function of the file /report/complain_info.php. The manipulation of the argument vid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-9594. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead to sql injection. This vulnerability is handled as CVE-2025-9593. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in itsourcecode Apartment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. This vulnerability is known as CVE-2025-9592. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as problematic, was found in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. This vulnerability is traded as CVE-2025-9591. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in D-Link DIR-868L B1 2.05WWB0. This affects an unknown part of the file fileaccess.cgi. This manipulation of the argument pre_api_arg causes os command injection. This vulnerability appears as CVE-2025-55583. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in Tenda AC8 16.03.33.05. Affected by this issue is some unknown functionality. The manipulation results in inadequate encryption strength. This vulnerability is reported as CVE-2025-52054. The attack can be launched remotely. No exploit exists.

A vulnerability classified as problematic has been found in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. This vulnerability is documented as CVE-2025-9590. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as problematic has been identified in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. This vulnerability is registered as CVE-2025-9589. The attack needs to be launched locally. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as problematic has been reported in IBM Watson Studio on Cloud Pak for Data 4.0/5.0. This impacts an unknown function of the component Web UI. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2024-49790. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Acronis Cyber Protect Cloud Agent up to 40733 on Windows. This affects an unknown function. Such manipulation leads to incorrect permission assignment. This vulnerability is listed as CVE-2025-9578. The attack must be carried out locally. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in ProjectsAndPrograms School Management System 1.0. The impacted element is an unknown function of the file themeSet.php of the component POST Parameter Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-51967. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in PuneethReddyHC ReddyHC Online Shopping System Advanced 1.0. The affected element is an unknown function of the file register.php. The manipulation of the argument f_name results in cross site scripting. This vulnerability is identified as CVE-2025-51971. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been rated as critical. Impacted is an unknown function of the file product.php of the component GET Parameter Handler. The manipulation of the argument GETproduct_id leads to sql injection. This vulnerability is referenced as CVE-2025-51969. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in PuneethReddyHC ReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. This issue affects some unknown processing of the file action.php of the component POST Parameter Handler. Executing manipulation of the argument proId can lead to sql injection. The identification of this vulnerability is CVE-2025-51968. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in PuneethReddyHC ReddyHC Online Shopping System Advanced 1.0. It has been classified as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. Performing manipulation of the argument keyword results in sql injection. This vulnerability was named CVE-2025-51972. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in bPlugins B Slider Plugin up to 1.1.30 on WordPress and classified as problematic. This affects an unknown part. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-54734. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in emarket-design Employee Spotlight Plugin up to 5.1.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes deserialization. This vulnerability is handled as CVE-2025-53583. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in uxper Golo Plugin up to 1.7.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-54724. It is possible to launch the attack remotely. No exploit is available.