CVE-2025-10774 - Ruijie 6000-E10 Remote OS Command Injection Vulnerability
CVE ID : CVE-2025-10774
Published : Sept. 22, 2025, 3:26 a.m. | 1 hour, 53 minutes ago
Description : A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10775 - Wavlink WL-NU516U1 OS Command Injection Vulnerability
CVE ID : CVE-2025-10775
Published : Sept. 22, 2025, 3:26 a.m. | 1 hour, 53 minutes ago
Description : A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2025-10779 - D-Link DCS-935L Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-10779
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
CVE-2025-10778 - Smartstore Gift Voucher Handler Remote Race Condition
CVE ID : CVE-2025-10778
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2025-59801 - Artifex GhostXPS TIFF Stack Buffer Overflow
CVE ID : CVE-2025-59801
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
Severity: 4.3 | MEDIUM
CVE-2025-10777 - JSC R7 R7-Office Document Server Remote Path Traversal
CVE ID : CVE-2025-10777
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to version 2025.3.1.923 is recommended to address this issue. The affected component should be upgraded. R7-Office is a fork of OpenOffice and at the moment it remains unclear if OpenOffice is affected as well. The OpenOffice team was not able to reproduce the issue in their codebase. The vendor replied: "We confirm that this vulnerability has been verified and patched in release 2025.3.1.923. During our security testing, it was not possible to exploit the issue - the server consistently returns proper error responses to the provided scenarios."
Severity: 0.0 | NA
CVE-2025-59799 - Artifex Ghostscript Stack-Based Buffer Overflow
CVE ID : CVE-2025-59799
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
Severity: 4.3 | MEDIUM
CVE-2025-10784 - Campcodes Online Learning Management System SQL Injection Vulnerability
CVE ID : CVE-2025-10784
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
CVE-2025-59798 - Artifex Ghostscript PDF Write Cmap Stack Buffer Overflow
CVE ID : CVE-2025-59798
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
Severity: 4.3 | MEDIUM
CVE-2025-10780 - CodeAstro Simple Pharmacy Management SQL Injection
CVE ID : CVE-2025-10780
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
CVE-2025-10781 - Campcodes Online Learning Management System SQL Injection
CVE ID : CVE-2025-10781
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
CVE-2025-10782 - Campcodes Online Learning Management System SQL Injection Vulnerability
CVE ID : CVE-2025-10782
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
CVE-2025-10783 - Campcodes Online Learning Management System SQL Injection Vulnerability
CVE ID : CVE-2025-10783
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
CVE-2025-59800 - Ghostscript Heap-Based Buffer Overflow
CVE ID : CVE-2025-59800
Published : Sept. 22, 2025, 7:10 a.m. | 2 hours, 10 minutes ago
Description : In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
Severity: 4.3 | MEDIUM
CVE-2025-10788 - SourceCodester Online Hotel Reservation System SQL Injection
CVE ID : CVE-2025-10788
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. The affected element is an unknown function of the file deleteroominventory.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
CVE-2025-9540 - WordPress Markup Markdown Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9540
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
CVE-2025-10787 - MuYuCMS SSRF Vulnerability
CVE ID : CVE-2025-10787
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
CVE-2025-9541 - WordPress Markup Markdown Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9541
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
CVE-2025-10785 - Campcodes Grocery Sales and Inventory System SQL Injection Vulnerability
CVE ID : CVE-2025-10785
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
CVE-2025-9115 - Etsy Shop WordPress Plugin Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9115
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Severity: 0.0 | NA
CVE-2025-9487 - WordPress ASE SVG Upload XSS
CVE ID : CVE-2025-9487
Published : Sept. 22, 2025, 9:13 a.m. | 4 hours, 8 minutes ago
Description : The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads.
Severity: 0.0 | NA