CVE-2025-9426 - iSourcecode Online Tour and Travel Management System SQL Injection
CVE ID : CVE-2025-9426
Published : Aug. 25, 2025, 11:15 p.m. | 1 hour, 9 minutes ago
Description : A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9426
Published : Aug. 25, 2025, 11:15 p.m. | 1 hour, 9 minutes ago
Description : A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9429 - Mtons Mblog Cross Site Scripting Vulnerability
CVE ID : CVE-2025-9429
Published : Aug. 26, 2025, 12:15 a.m. | 4 hours, 9 minutes ago
Description : A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9429
Published : Aug. 26, 2025, 12:15 a.m. | 4 hours, 9 minutes ago
Description : A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9430 - Mtons Mblog Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9430
Published : Aug. 26, 2025, 1:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9430
Published : Aug. 26, 2025, 1:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9431 - Mtons MBlog Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9431
Published : Aug. 26, 2025, 1:15 a.m. | 3 hours, 9 minutes ago
Description : A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9431
Published : Aug. 26, 2025, 1:15 a.m. | 3 hours, 9 minutes ago
Description : A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9432 - Mtons MBlog Cross Site Scripting Vulnerability
CVE ID : CVE-2025-9432
Published : Aug. 26, 2025, 1:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9432
Published : Aug. 26, 2025, 1:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8447 - GitHub Enterprise Server Code Access Bypass
CVE ID : CVE-2025-8447
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the name of a private repository along with its branches, tags, or commit SHAs that they could use to trigger compare/diff functionality and retrieve limited code without proper authorization. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8447
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the name of a private repository along with its branches, tags, or commit SHAs that they could use to trigger compare/diff functionality and retrieve limited code without proper authorization. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5. This vulnerability was reported via the GitHub Bug Bounty program.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9433 - Mtons MBlog Remote Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9433
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9433
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9434 - "1000projects Online Project Report Submission and Evaluation System Cross-Site Scripting Vulnerability"
CVE ID : CVE-2025-9434
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9434
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9438 - 1000projects Online Project Report Submission and Evaluation System Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9438
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9438
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9439 - Apache 1000projects Online Project Report Submission and Evaluation System Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9439
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9439
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9440 - Apache 1000projects Online Project Report Submission and Evaluation System Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9440
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be performed from a remote location. The exploit has been disclosed publicly and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9440
Published : Aug. 26, 2025, 2:15 a.m. | 2 hours, 9 minutes ago
Description : A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be performed from a remote location. The exploit has been disclosed publicly and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9443 - Tenda CH22 Buffer Overflow Vulnerability
CVE ID : CVE-2025-9443
Published : Aug. 26, 2025, 3:15 a.m. | 1 hour, 9 minutes ago
Description : A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9443
Published : Aug. 26, 2025, 3:15 a.m. | 1 hour, 9 minutes ago
Description : A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9444 - "1000projects Online Project Report Submission and Evaluation System SQL Injection Vulnerability"
CVE ID : CVE-2025-9444
Published : Aug. 26, 2025, 3:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9444
Published : Aug. 26, 2025, 3:15 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9461 - Diyhi BBS File Compression Handler Information Disclosure Vulnerability
CVE ID : CVE-2025-9461
Published : Aug. 26, 2025, 3:15 a.m. | 1 hour, 9 minutes ago
Description : A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9461
Published : Aug. 26, 2025, 3:15 a.m. | 1 hour, 9 minutes ago
Description : A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9172 - WordPress Vibes Plugin SQL Injection Vulnerability
CVE ID : CVE-2025-9172
Published : Aug. 26, 2025, 4:15 a.m. | 4 hours, 9 minutes ago
Description : The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9172
Published : Aug. 26, 2025, 4:15 a.m. | 4 hours, 9 minutes ago
Description : The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9468 - iSourcecode Apartment Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9468
Published : Aug. 26, 2025, 4:15 a.m. | 4 hours, 9 minutes ago
Description : A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9468
Published : Aug. 26, 2025, 4:15 a.m. | 4 hours, 9 minutes ago
Description : A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9469 - iSourcecode Apartment Management System SQL Injection
CVE ID : CVE-2025-9469
Published : Aug. 26, 2025, 4:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9469
Published : Aug. 26, 2025, 4:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9470 - iSourcecode Apartment Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9470
Published : Aug. 26, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9470
Published : Aug. 26, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9471 - iSourcecode Apartment Management System SQL Injection
CVE ID : CVE-2025-9471
Published : Aug. 26, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9471
Published : Aug. 26, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5931 - Dokan Pro WordPress Privilege Escalation via Account Takeover
CVE ID : CVE-2025-5931
Published : Aug. 26, 2025, 5:15 a.m. | 3 hours, 10 minutes ago
Description : The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5931
Published : Aug. 26, 2025, 5:15 a.m. | 3 hours, 10 minutes ago
Description : The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9472 - iSourcecode Apartment Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9472
Published : Aug. 26, 2025, 5:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9472
Published : Aug. 26, 2025, 5:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...