VulDB Recent Entries

A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is traded as CVE-2025-2381. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The identification of this vulnerability is CVE-2025-2380. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql injection. This vulnerability was named CVE-2025-2379. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is uniquely identified as CVE-2025-2378. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. This vulnerability is handled as CVE-2025-2377. The attack may be launched remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions contradicting product names.

A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to deserialization. This vulnerability is known as CVE-2025-2376. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argument email leads to cross site scripting. This vulnerability is traded as CVE-2025-2375. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobilenumber/email leads to sql injection. The identification of this vulnerability is CVE-2025-2374. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to sql injection. This vulnerability was named CVE-2025-2373. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This affects an unknown part of the file /password-recovery.php of the component Password Recovery Page. The manipulation of the argument username leads to sql injection. This vulnerability is uniquely identified as CVE-2025-2372. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /registered-user-testing.php of the component Registered Mobile Number Search. The manipulation of the argument regmobilenumber leads to cross site scripting. This vulnerability is handled as CVE-2025-2371. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-2370. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-2369. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-2368. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. This vulnerability was named CVE-2025-2367. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2366. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2025-2365. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scripting. This vulnerability is known as CVE-2025-2364. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. This vulnerability is traded as CVE-2025-2363. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The identification of this vulnerability is CVE-2025-2362. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.