🚨 CVE-2025-8702
A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
vul2 · Issue #2 · si12/xxx
WOES Intelligent Optimization Energy-saving System - Historical Data Query Module - GetVariableByOneIDNew Interface - Vulnerable to SQL Injection Function location: An injection point was found in ...
🚨 CVE-2025-8703
A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
vul3 · Issue #3 · si12/xxx
The WOES intelligent optimization energy-saving system - environmental real-time data module - GetAreaTrendChartData interface has a SQL injection vulnerability function location: An injection poin...
🚨 CVE-2025-9786
A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Other parameters might be affected as well.
🎖@cveNotify
A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Other parameters might be affected as well.
🎖@cveNotify
GitHub
Campcodes Online Learning Management System V1.0 /lms/teacher_signup.php SQL injection · Issue #6 · wyyyxxxx1017/CVE
Campcodes Online Learning Management System V1.0 /lms/teacher_signup.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Learning Management System Vendor Homepage https://www.campcodes.com/projec...
🚨 CVE-2025-9788
A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing manipulation of the argument id_no can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing manipulation of the argument id_no can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
GitHub
CampCodes School Log Management System Project V1.0 /admin/admin_class.php SQL injection · Issue #10 · wyyyxxxx1017/CVE
CampCodes School Log Management System Project V1.0 /admin/admin_class.php SQL injection NAME OF AFFECTED PRODUCT(S) School Log Management System Vendor Homepage https://www.campcodes.com/projects/...
🚨 CVE-2025-9789
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
🎖@cveNotify
GitHub
cve/Online Hotel Reservation System In PHP With Source Code - SQL Injection in edituser.php.md at main · YoSheep/cve
My CVE. Contribute to YoSheep/cve development by creating an account on GitHub.
🚨 CVE-2025-9790
A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
GitHub
cve/Online Hotel Reservation System In PHP With Source Code - SQL Injection in updateabout.php.md at main · YoSheep/cve
My CVE. Contribute to YoSheep/cve development by creating an account on GitHub.
🚨 CVE-2025-9792
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
GitHub
itsourcecode Apartment Management System Project V1.0 /e_dashboard/e_all_info.php SQL injection · Issue #62 · zzb1388/cve
itsourcecode Apartment Management System Project V1.0 /e_dashboard/e_all_info.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com/free...
🚨 CVE-2025-9793
A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the argument ddlBranch results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the argument ddlBranch results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
🎖@cveNotify
GitHub
itsourcecode Apartment Management System Project V1.0 /setting/admin.php SQL injection · Issue #61 · zzb1388/cve
itsourcecode Apartment Management System Project V1.0 /setting/admin.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com/free-projects...
🚨 CVE-2025-9794
A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.
🎖@cveNotify
A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.
🎖@cveNotify
GitHub
Campcodes Computer Sales and Inventory System V1.0 /ComputerSalesInventorySystem/pages/pos_transac.php?action=add SQL injection…
Campcodes Computer Sales and Inventory System V1.0 /ComputerSalesInventorySystem/pages/pos_transac.php?action=add SQL injection NAME OF AFFECTED PRODUCT(S) Computer Sales and Inventory System Vendo...
🚨 CVE-2025-58161
MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWD_DIR (e.g., .../downloads_bak, .../downloads.old). This is a Directory Traversal (escape) leading to a data leak. This issue has been patched in version 4.4.1.
🎖@cveNotify
MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWD_DIR (e.g., .../downloads_bak, .../downloads.old). This is a Directory Traversal (escape) leading to a data leak. This issue has been patched in version 4.4.1.
🎖@cveNotify
GitHub
[Security] Fix Vulnerabilities Aug 2025 MobSF v4.4.1 (#2545) · MobSF/Mobile-Security-Framework-MobSF@7f3bc08
Bump dependencies
Fix Security Vulnerabilities reported by @noname1337h1
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3
https://github.com/MobSF/Mo...
Fix Security Vulnerabilities reported by @noname1337h1
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3
https://github.com/MobSF/Mo...
🚨 CVE-2025-58162
MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
🎖@cveNotify
MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
🎖@cveNotify
GitHub
[Security] Fix Vulnerabilities Aug 2025 MobSF v4.4.1 (#2545) · MobSF/Mobile-Security-Framework-MobSF@7f3bc08
Bump dependencies
Fix Security Vulnerabilities reported by @noname1337h1
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3
https://github.com/MobSF/Mo...
Fix Security Vulnerabilities reported by @noname1337h1
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3
https://github.com/MobSF/Mo...
🚨 CVE-2025-9811
A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
Campcodes Farm Management System V1.0 /reviewInput.php SQL injection · Issue #10 · zhaodaojie/cve
Campcodes Farm Management System V1.0 /reviewInput.php SQL injection NAME OF AFFECTED PRODUCT(S) Farm Management System Vendor Homepage https://www.campcodes.com/ Contributor Name Zhao Daojie, Tang...
🚨 CVE-2025-9814
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
GitHub
phpgurukul Beauty Parlour Management System Project V1.1 /admin/contact-us.php SQL injection · Issue #3 · dad-zm/myCVE
phpgurukul Beauty Parlour Management System Project V1.1 /admin/contact-us.php SQL injection NAME OF AFFECTED PRODUCT(S) Beauty Parlour Management System Vendor Homepage https://phpgurukul.com/beau...
🚨 CVE-2025-1139
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.
🎖@cveNotify
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.
🎖@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0
🚨 CVE-2025-1142
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
🎖@cveNotify
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
🎖@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0
🚨 CVE-2025-8612
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is needed additionally.
The specific flaw exists within the restore functionality. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27059.
🎖@cveNotify
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is needed additionally.
The specific flaw exists within the restore functionality. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27059.
🎖@cveNotify
Zerodayinitiative
ZDI-25-806
(0Day) AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability
🚨 CVE-2025-9433
A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
🎖@cveNotify
Gitee
langhsu/mblog.git: mblog开源免费的博客系统, Java语言开发, 支持mysql/h2数据库, 采用spring-boot、jpa、shiro、bootstrap等流行框架开发
🚨 CVE-2025-9461
A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
🚨 CVE-2025-9743
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
🚨 CVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster.
🎖@cveNotify
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster.
🎖@cveNotify
GitHub
gateway-api: Enqueue gateway for Reference Grant changes · cilium/cilium@ed3dfa0
This commit is to make sure that the reconciliation loop is kicked off
for Gateway object if there is any change in ReferenceGrant (mainly for
SecretObjectReference).
Signed-off-by: Tam Mach &...
for Gateway object if there is any change in ReferenceGrant (mainly for
SecretObjectReference).
Signed-off-by: Tam Mach &...
🚨 CVE-2024-52529
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.
🎖@cveNotify
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.
🎖@cveNotify
GitHub
bpf: Policy map precedence by LPM prefix length by jrajahalme · Pull Request #35150 · cilium/cilium
Policy map key can have nexthdr and destination port fields wildcarded. Cilium datapath typically performs two policy map lookups, one with the L3 identity mapped from the relevant IP address (dest...