Aggregator

A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-6888. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-6887. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-6886. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #603882 / VDB-314370

Submit #603855 / VDB-314278

Submit #603844 / VDB-314369

Submit #603831 / VDB-314368

A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. This vulnerability is traded as CVE-2025-6885. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Author/Presenter: Cameron Knauff (stillOS Developer)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: stillOS Launch Event appeared first on Security Boulevard.

Submit #603793 / VDB-314367

Submit #603789 / VDB-314366

Submit #603788 / VDB-314366

Submit #603775 / VDB-314365

Submit #603774 / VDB-314365

Submit #603787 / VDB-225179

Submit #603779 / VDB-225179

Submit #603777 / VDB-225179

Submit #603767 / VDB-311349

Submit #603766 / VDB-314364

A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /search_index.php. The manipulation of the argument Search leads to sql injection. The identification of this vulnerability is CVE-2025-6884. The attack may be initiated remotely. Furthermore, there is an exploit available.