Submit #631517: Linksys RE6500、RE6250、RE6300、RE6350、RE7000、RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection [Accepted]
Submit #631517 / VDB-320775
Aggregator
CVE-2025-9241 | elunez eladmin up to 2.7 exportUser csv injection (Issue 886)
9 hours 46 minutes ago
A vulnerability was found in elunez eladmin up to 2.7. It has been classified as problematic. This affects the function exportUser. This manipulation causes csv injection.
This vulnerability appears as CVE-2025-9241. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2025-9240 | elunez eladmin up to 2.7 /auth/info information disclosure (Issue 885)
9 hours 46 minutes ago
A vulnerability was found in elunez eladmin up to 2.7 and classified as problematic. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure.
This vulnerability is reported as CVE-2025-9240. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
CVE-2025-9239 | elunez eladmin up to 2.7 DES Key EncryptUtils.java EncryptUtils STR_PARAM inadequate encryption (Issue 884)
9 hours 46 minutes ago
A vulnerability has been found in elunez eladmin up to 2.7 and classified as problematic. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength.
This vulnerability is documented as CVE-2025-9239. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
Submit #634313: itsourcecode Insurance Management System V1.0 SQL Injection [Duplicate]
9 hours 48 minutes ago
Submit #634313 / VDB-199683
chessplayer
Submit #631473: elunez eladmin ≤ 2.7 CSV/XLSX Injection(CWE-1236) [Accepted]
9 hours 51 minutes ago
Submit #631473 / VDB-320774
ez-lbz
Submit #631424: elunez eladmin <=2.7 Sensitive Information Disclosure [Accepted]
9 hours 51 minutes ago
Submit #631424 / VDB-320773
ez-lbz
Submit #631393: elunez eladmin <=2.7 Hardcoded DES Key [Accepted]
9 hours 51 minutes ago
Submit #631393 / VDB-320772
ez-lbz
CVE-2025-9238 | Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f Student Login /student.php email sql injection
9 hours 52 minutes ago
A vulnerability, which was classified as critical, was found in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection.
This vulnerability is registered as CVE-2025-9238. It is possible to launch the attack remotely. Furthermore, an exploit is available.
This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-9237 | CodeAstro Ecommerce Website 1.0 Edit Your Account Page my_account.php?edit_account Username cross site scripting
9 hours 55 minutes ago
A vulnerability, which was classified as problematic, has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting.
This vulnerability is cataloged as CVE-2025-9237. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Http2指纹识别
9 hours 55 minutes ago
本文介绍了http2指纹实现的一些构想,用于代理检测
Любой сайт теперь может читать ваши разговоры с ИИ. Без единого клика
9 hours 57 minutes ago
Брешь в Ollama позволяет читать ваши чаты с ИИ и подсовывать "отравленные" модели.
CVE-2025-9236 | Portabilis i-Diario up to 2.10 Tipos de usàrio Page educar_tipo_usuario_lst.php nm_tipo sql injection
9 hours 57 minutes ago
A vulnerability classified as critical was found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usàrio Page. Such manipulation of the argument nm_tipo leads to sql injection.
This vulnerability is listed as CVE-2025-9236. The attack may be performed from a remote location. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #631142: GitHub Exam-Seating-Arrangement 1.0 SQL Injection [Accepted]
9 hours 57 minutes ago
Submit #631142 / VDB-320771
0xSebin
Рулетка Bragg Gaming остановилась на чёрном поле. Ставка на безопасность сгорела — казино закрывается
9 hours 58 minutes ago
Блэкджек с киберпреступниками обернулся катастрофой для IT-систем.
Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
9 hours 58 minutes ago
The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads.
In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead to:
Exfiltration of sensitive information from the user’s machine , and also to a System compromise by running arbitrary code Today we will show how an attack can leverage invisible Unicode Tag characters that humans cannot see.
Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit
9 hours 58 minutes ago
Trend Micro highlighted a sophisticated post-compromise attack chain to deploy the Warlock ransomware in unpatched SharePoint on-prem environments
Submit #631136: CodeAstro Ecommerce Website in PHP MySQL 1.0 Stored Cross Site Scripting [Accepted]
10 hours ago
Submit #631136 / VDB-320770
0xSebin
CVE-2025-9235 | Scada-LTS up to 2.7.8.1 compound_events.shtm Name cross site scripting
10 hours 1 minute ago
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting.
This vulnerability is tracked as CVE-2025-9235. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2025-9234 | Scada-LTS up to 2.7.8.1 maintenance_events.shtm Alias cross site scripting
10 hours 1 minute ago
A vulnerability described as problematic has been identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting.
This vulnerability is identified as CVE-2025-9234. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com