CVE-2025-12608 - itsourcecode Online Loan Management System manage_user.php sql injection
CVE ID : CVE-2025-12608
Published : Nov. 3, 2025, 1:15 a.m. | 2 hours, 40 minutes ago
Description : A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12608
Published : Nov. 3, 2025, 1:15 a.m. | 2 hours, 40 minutes ago
Description : A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12609 - CodeAstro Gym Management System update-progress.php sql injection
CVE ID : CVE-2025-12609
Published : Nov. 3, 2025, 2:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12609
Published : Nov. 3, 2025, 2:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12610 - CodeAstro Gym Management System view-progress-report.php sql injection
CVE ID : CVE-2025-12610
Published : Nov. 3, 2025, 2:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12610
Published : Nov. 3, 2025, 2:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12611 - Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer overflow
CVE ID : CVE-2025-12611
Published : Nov. 3, 2025, 3:15 a.m. | 40 minutes ago
Description : A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12611
Published : Nov. 3, 2025, 3:15 a.m. | 40 minutes ago
Description : A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12612 - Campcodes School Fees Payment Management System ajax.php sql injection
CVE ID : CVE-2025-12612
Published : Nov. 3, 2025, 3:15 a.m. | 40 minutes ago
Description : A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12612
Published : Nov. 3, 2025, 3:15 a.m. | 40 minutes ago
Description : A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12614 - SourceCodester Best House Rental Management System admin_class.php delete_payment sql injection
CVE ID : CVE-2025-12614
Published : Nov. 3, 2025, 3:15 a.m. | 40 minutes ago
Description : A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function delete_payment of the file /admin_class.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12614
Published : Nov. 3, 2025, 3:15 a.m. | 40 minutes ago
Description : A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function delete_payment of the file /admin_class.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12615 - PHPGurukul News Portal settings.py hard-coded key
CVE ID : CVE-2025-12615
Published : Nov. 3, 2025, 3:32 a.m. | 23 minutes ago
Description : A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12615
Published : Nov. 3, 2025, 3:32 a.m. | 23 minutes ago
Description : A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12616 - PHPGurukul News Portal settings.py insertion of sensitive information into debugging code
CVE ID : CVE-2025-12616
Published : Nov. 3, 2025, 4:15 a.m. | 3 hours, 40 minutes ago
Description : A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12616
Published : Nov. 3, 2025, 4:15 a.m. | 3 hours, 40 minutes ago
Description : A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12617 - itsourcecode Billing System login_crud.php sql injection
CVE ID : CVE-2025-12617
Published : Nov. 3, 2025, 5:15 a.m. | 2 hours, 40 minutes ago
Description : A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12617
Published : Nov. 3, 2025, 5:15 a.m. | 2 hours, 40 minutes ago
Description : A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12503 - Digiwin|EasyFlow .NET and EasyFlow AiNet
CVE ID : CVE-2025-12503
Published : Nov. 3, 2025, 7:15 a.m. | 40 minutes ago
Description : EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12503
Published : Nov. 3, 2025, 7:15 a.m. | 40 minutes ago
Description : EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12618 - Tenda AC8 DatabaseIniSet buffer overflow
CVE ID : CVE-2025-12618
Published : Nov. 3, 2025, 7:15 a.m. | 40 minutes ago
Description : A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12618
Published : Nov. 3, 2025, 7:15 a.m. | 40 minutes ago
Description : A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12619 - Tenda A15 openNetworkGateway fromSetWirelessRepeat buffer overflow
CVE ID : CVE-2025-12619
Published : Nov. 3, 2025, 7:15 a.m. | 40 minutes ago
Description : A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12619
Published : Nov. 3, 2025, 7:15 a.m. | 40 minutes ago
Description : A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12622 - Tenda AC10 SysRunCmd formSysRunCmd buffer overflow
CVE ID : CVE-2025-12622
Published : Nov. 3, 2025, 7:32 a.m. | 24 minutes ago
Description : A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12622
Published : Nov. 3, 2025, 7:32 a.m. | 24 minutes ago
Description : A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12623 - fushengqian fuint Authentication Token ClientSignController.java authorization
CVE ID : CVE-2025-12623
Published : Nov. 3, 2025, 8:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Token Handler. Such manipulation leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitation is known to be difficult. The exploit is publicly available and might be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12623
Published : Nov. 3, 2025, 8:15 a.m. | 3 hours, 42 minutes ago
Description : A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Token Handler. Such manipulation leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitation is known to be difficult. The exploit is publicly available and might be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48396 - Eaton BLSS File Upload Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-48396
Published : Nov. 3, 2025, 8:15 a.m. | 3 hours, 42 minutes ago
Description : Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48396
Published : Nov. 3, 2025, 8:15 a.m. | 3 hours, 42 minutes ago
Description : Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48397 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-48397
Published : Nov. 3, 2025, 9:15 a.m. | 2 hours, 41 minutes ago
Description : The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48397
Published : Nov. 3, 2025, 9:15 a.m. | 2 hours, 41 minutes ago
Description : The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0987 - IDOR in CB Project's CVLand
CVE ID : CVE-2025-0987
Published : Nov. 3, 2025, 12:15 p.m. | 3 hours, 43 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0987
Published : Nov. 3, 2025, 12:15 p.m. | 3 hours, 43 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12626 - jeecgboot jeewx-boot WxActGoldeneggsPrizesController.java getImgUrl path traversal
CVE ID : CVE-2025-12626
Published : Nov. 3, 2025, 1:15 p.m. | 2 hours, 43 minutes ago
Description : A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The root cause was initially fixed but can be evaded with additional encoding.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12626
Published : Nov. 3, 2025, 1:15 p.m. | 2 hours, 43 minutes ago
Description : A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The root cause was initially fixed but can be evaded with additional encoding.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40107 - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
CVE ID : CVE-2025-40107
Published : Nov. 3, 2025, 1:15 p.m. | 2 hours, 43 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the `priv->wq` (workqueue) is not allocated and initialized, leading to a null pointer dereference. To fix this, we move the allocation and initialization of the workqueue from the `hi3110_open` function to the `hi3110_can_probe` function. This ensures that the workqueue is properly initialized before it is used during device resume. And added logic to destroy the workqueue in the error handling paths of `hi3110_can_probe` and in the `hi3110_can_remove` function to prevent resource leaks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40107
Published : Nov. 3, 2025, 1:15 p.m. | 2 hours, 43 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the `priv->wq` (workqueue) is not allocated and initialized, leading to a null pointer dereference. To fix this, we move the allocation and initialization of the workqueue from the `hi3110_open` function to the `hi3110_can_probe` function. This ensures that the workqueue is properly initialized before it is used during device resume. And added logic to destroy the workqueue in the error handling paths of `hi3110_can_probe` and in the `hi3110_can_remove` function to prevent resource leaks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64294 - WordPress WP Snow Effect plugin <= 1.1.15 - Broken Access Control to Notice Dismissal vulnerability
CVE ID : CVE-2025-64294
Published : Nov. 3, 2025, 2:15 p.m. | 1 hour, 43 minutes ago
Description : Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through 1.1.15.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64294
Published : Nov. 3, 2025, 2:15 p.m. | 1 hour, 43 minutes ago
Description : Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through 1.1.15.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11761 - HP Client Management Script Library – Security Update
CVE ID : CVE-2025-11761
Published : Nov. 3, 2025, 3:13 p.m. | 45 minutes ago
Description : A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11761
Published : Nov. 3, 2025, 3:13 p.m. | 45 minutes ago
Description : A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...