CVE-2025-12253 - AMTT Hotel Broadband Operation System get_expiredtime.php sql injection
CVE ID : CVE-2025-12253
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12253
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12254 - code-projects Online Event Judging System add_judge.php sql injection
CVE ID : CVE-2025-12254
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12254
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12255 - code-projects Online Event Judging System add_contestant.php sql injection
CVE ID : CVE-2025-12255
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12255
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46582 - Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product
CVE ID : CVE-2025-46582
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46582
Published : Oct. 27, 2025, 9:15 a.m. | 36 minutes ago
Description : A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46583 - DOS Vulnerability in ZTE MC889A Pro product
CVE ID : CVE-2025-46583
Published : Oct. 27, 2025, 9:23 a.m. | 28 minutes ago
Description : There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46583
Published : Oct. 27, 2025, 9:23 a.m. | 28 minutes ago
Description : There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12256 - code-projects Online Event Judging System edit_contestant.php sql injection
CVE ID : CVE-2025-12256
Published : Oct. 27, 2025, 9:32 a.m. | 20 minutes ago
Description : A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12256
Published : Oct. 27, 2025, 9:32 a.m. | 20 minutes ago
Description : A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12257 - SourceCodester Online Student Result System view_result.php sql injection
CVE ID : CVE-2025-12257
Published : Oct. 27, 2025, 9:32 a.m. | 20 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /view_result.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12257
Published : Oct. 27, 2025, 9:32 a.m. | 20 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /view_result.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12258 - TOTOLINK A3300R POST Parameter cstecgi.cg setOpModeCfg stack-based overflow
CVE ID : CVE-2025-12258
Published : Oct. 27, 2025, 9:32 a.m. | 20 minutes ago
Description : A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12258
Published : Oct. 27, 2025, 9:32 a.m. | 20 minutes ago
Description : A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59459 - Denial-of-service (DoS) via resource consumption
CVE ID : CVE-2025-59459
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59459
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59460 - Unsecure access configuration
CVE ID : CVE-2025-59460
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59460
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59461 - API does not require authentication
CVE ID : CVE-2025-59461
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59461
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59462 - Denial-of-service (DoS) via delayed or missing client response
CVE ID : CVE-2025-59462
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59462
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59463 - Denial-of-service (DoS) via chunk size mismatch
CVE ID : CVE-2025-59463
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59463
Published : Oct. 27, 2025, 11:15 a.m. | 2 hours, 36 minutes ago
Description : An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11955 - Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise
CVE ID : CVE-2025-11955
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11955
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12268 - LearnHouse Course Thumbnail courses unrestricted upload
CVE ID : CVE-2025-12268
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12268
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12269 - LearnHouse Account Setting previews cross site scripting
CVE ID : CVE-2025-12269
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12269
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12270 - LearnHouse Student Assignment Submission sub_file resource injection
CVE ID : CVE-2025-12270
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12270
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12271 - Tenda CH22 RouteStatic fromRouteStatic buffer overflow
CVE ID : CVE-2025-12271
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12271
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12272 - Tenda CH22 addressNat fromAddressNat buffer overflow
CVE ID : CVE-2025-12272
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12272
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41009 - SQL injection on the virtual campus platform of Diseño de Recursos Educativos
CVE ID : CVE-2025-41009
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41009
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11248 - Sensitive Information Logged
CVE ID : CVE-2025-11248
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11248
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...