VulDB Recent Entries

A vulnerability was found in KUNBUS Revolution Pi 2022-07-28-revpi-buster. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file php/dal.php. The manipulation of the argument arrSaveConfig leads to os command injection. This vulnerability is known as CVE-2024-8684. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file select-menu.php. The manipulation of the argument table leads to sql injection. This vulnerability is traded as CVE-2025-1192. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/approve-reject.php. The manipulation of the argument breject_id leads to sql injection. The identification of this vulnerability is CVE-2025-1191. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/load_user-profile.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-1190. The attack can be initiated remotely. There is no exploit available. Multiple parameters might be affected.

A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. This affects an unknown part of the file /admin/chart1.php. The manipulation of the argument course_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1189. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. This vulnerability is handled as CVE-2025-1188. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-1187. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TP-Link Tapo C500 V1 Wi-Fi Camera and Tapo C500 V2 Wi-Fi Camera. Affected is an unknown function of the component RSA Private Key Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2025-1099. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Kelio Visio 1, Visio X7 and Visio X4 up to 5.1K. It has been rated as problematic. This issue affects some unknown processing of the file /PageLoginVisio.do of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-1175. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. This vulnerability was named CVE-2025-1186. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1185. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModal_MQTTEdit. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2025-1184. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. This vulnerability is known as CVE-2025-1183. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-1182. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in npm-serialize-javascript up to 6.0.1. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11831. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-1181. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-1180. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-1179. The attack may be launched remotely. Furthermore, there is an exploit available. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-1178. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-1177. It is possible to launch the attack remotely. Furthermore, there is an exploit available.