CVE-2025-7586 - Tenda AC500 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-7586
Published : July 14, 2025, 8:15 a.m. | 42 minutes ago
Description : A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7586
Published : July 14, 2025, 8:15 a.m. | 42 minutes ago
Description : A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-26292 - Avid NEXIS E-series, F-series, PRO+, SDA+: Authenticated Arbitrary File Deletion Vulnerability
CVE ID : CVE-2024-26292
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-26292
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24391 - OTRS Information Disclosure
CVE ID : CVE-2025-24391
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.X
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24391
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.X
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7587 - Code-projects Online Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-7587
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cover.php. The manipulation of the argument uname/psw leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7587
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cover.php. The manipulation of the argument uname/psw leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7588 - PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability
CVE ID : CVE-2025-7588
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file edit-product.php. The manipulation of the argument productname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7588
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file edit-product.php. The manipulation of the argument productname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7589 - PHPGurukul Dairy Farm Shop Management System SQL Injection
CVE ID : CVE-2025-7589
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file edit-company.php. The manipulation of the argument companyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7589
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file edit-company.php. The manipulation of the argument companyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7590 - PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability
CVE ID : CVE-2025-7590
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file edit-category.php. The manipulation of the argument categorycode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7590
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file edit-category.php. The manipulation of the argument categorycode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7591 - PHPGurukul Dairy Farm Shop Management System SQL Injection
CVE ID : CVE-2025-7591
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file view-invoice.php. The manipulation of the argument invid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7591
Published : July 14, 2025, 9:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file view-invoice.php. The manipulation of the argument invid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-26293 - Avid Nexis gSOAP Unauthenticated Path Traversal Vulnerability
CVE ID : CVE-2024-26293
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-26293
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53689 - Apache Jackrabbit XXE Injection Vulnerability
CVE ID : CVE-2025-53689
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53689
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7592 - PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability
CVE ID : CVE-2025-7592
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7592
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7593 - Job Diary SQL Injection Vulnerability
CVE ID : CVE-2025-7593
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7593
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7594 - Job Diary SQL Injection Vulnerability
CVE ID : CVE-2025-7594
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7594
Published : July 14, 2025, 10:15 a.m. | 2 hours, 42 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51767 - HPE AutoPass License Server Authentication Bypass Vulnerability
CVE ID : CVE-2024-51767
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51767
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51768 - HPE AutoPass License Server HSQLDB Remote Code Execution Vulnerability
CVE ID : CVE-2024-51768
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51768
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51769 - HPE AutoPass License Server (APLS) Information Disclosure Vulnerability
CVE ID : CVE-2024-51769
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51769
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51770 - HPE AutoPass License Server Information Disclosure Vulnerability
CVE ID : CVE-2024-51770
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51770
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7595 - "Job Diary SQL Injection Vulnerability"
CVE ID : CVE-2025-7595
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7595
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7596 - Tenda FH1205 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-7596
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7596
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7597 - Tenda AX1803 Stack-Based Buffer Overflow
CVE ID : CVE-2025-7597
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7597
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7598 - Tenda AX1803 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-7598
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7598
Published : July 14, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...