CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-12271 - Tenda CH22 RouteStatic fromRouteStatic buffer overflow

CVE ID : CVE-2025-12271
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12272 - Tenda CH22 addressNat fromAddressNat buffer overflow

CVE ID : CVE-2025-12272
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 9.0 | HIGH
CVE-2025-41009 - SQL injection on the virtual campus platform of Diseño de Recursos Educativos

CVE ID : CVE-2025-41009
Published : Oct. 27, 2025, 12:15 p.m. | 1 hour, 36 minutes ago
Description : SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.
Severity: 9.3 | CRITICAL
CVE-2025-11248 - Sensitive Information Logged

CVE ID : CVE-2025-11248
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.
Severity: 3.2 | LOW
CVE-2025-12273 - Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow

CVE ID : CVE-2025-12273
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 9.0 | HIGH
CVE-2025-12274 - Tenda CH22 P2pListFilter fromP2pListFilter buffer overflow

CVE ID : CVE-2025-12274
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 9.0 | HIGH
CVE-2025-12276 - LearnHouse Image information disclosure

CVE ID : CVE-2025-12276
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
CVE-2025-12277 - Abdullah-Hasan-Sajjad Online-School studentLogin.php sql injection

CVE ID : CVE-2025-12277
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument Email causes SQL injection. The attack can be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
CVE-2025-12279 - code-projects Client Details System welcome.php cross site scripting

CVE ID : CVE-2025-12279
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 4.8 | MEDIUM
CVE-2025-41067 - Reachable Assertion vulnerability in Open5GS

CVE ID : CVE-2025-41067
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and renders the discovery service unavailable.
Severity: 8.7 | HIGH
CVE-2025-41068 - Reachable Assertion vulnerability in Open5GS

CVE ID : CVE-2025-41068
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the process, leaving the discovery service unresponsive.
Severity: 8.7 | HIGH
CVE-2025-41384 - Reflected Cross-Site Scripting (XSS) in SuiteCRM

CVE ID : CVE-2025-41384
Published : Oct. 27, 2025, 1:15 p.m. | 36 minutes ago
Description : Reflected Cross-Site Scripting (XSS) vulnerability in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but will allow the JavaScript code to execute.
Severity: 5.1 | MEDIUM
CVE-2025-12280 - code-projects Client Details System update-clients.php cross site scripting

CVE ID : CVE-2025-12280
Published : Oct. 27, 2025, 1:32 p.m. | 20 minutes ago
Description : A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
CVE-2025-12281 - code-projects Client Details System clientview.php cross site scripting

CVE ID : CVE-2025-12281
Published : Oct. 27, 2025, 1:32 p.m. | 20 minutes ago
Description : A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
CVE-2025-12282 - code-projects Client Details System manage-users.php cross site scripting

CVE ID : CVE-2025-12282
Published : Oct. 27, 2025, 1:32 p.m. | 20 minutes ago
Description : A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
CVE-2025-50055 - OpenVPN Access Server SAML Authentication XSS

CVE ID : CVE-2025-50055
Published : Oct. 27, 2025, 1:39 p.m. | 12 minutes ago
Description : Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter.
Severity: 0.0 | NA
CVE-2023-37749 - HubSpot Unauthenticated Data Disclosure Vulnerability

CVE ID : CVE-2023-37749
Published : Oct. 27, 2025, 4:15 p.m. | 1 hour, 20 minutes ago
Description : Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.
Severity: 0.0 | NA
CVE-2023-49440 - AhnLab EPP SQL Injection Vulnerability

CVE ID : CVE-2023-49440
Published : Oct. 27, 2025, 4:15 p.m. | 1 hour, 20 minutes ago
Description : AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview" parameter.
Severity: 0.0 | NA
CVE-2025-10023 - A user with elevated privileges can inject XSS in the Services Meta-services configuration page

CVE ID : CVE-2025-10023
Published : Oct. 27, 2025, 4:15 p.m. | 1 hour, 20 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
Severity: 6.2 | MEDIUM
CVE-2025-12291 - ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload

CVE ID : CVE-2025-12291
Published : Oct. 27, 2025, 4:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?add_product of the component Add Product Page. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
CVE-2025-12292 - SourceCodester Point of Sales index.php sql injection

CVE ID : CVE-2025-12292
Published : Oct. 27, 2025, 4:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH