π¨ CVE-2025-12230
A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
[Open Source Project]"Expense Management System in php free download" Project V1.0 Critical Persistent Cross-Site Scripting (XSS)β¦
NAME OF AFFECTED PRODUCT(S) Expense Management System in php free download Vendor Homepage https://projectworlds.com/free-projects/php-projects/expense-management-system-in-php-free-download/ AFFEC...
π¨ CVE-2025-12231
A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
[Open Source Project]"Expense Management System in php free download" Project V1.0 Critical Persistent Cross-Site Scripting (XSS)β¦
NAME OF AFFECTED PRODUCT(S) Expense Management System in php free download Vendor Homepage https://projectworlds.com/free-projects/php-projects/expense-management-system-in-php-free-download/ AFFEC...
π¨ CVE-2025-12055
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.
π@cveNotify
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.
π@cveNotify
π¨ CVE-2025-12232
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/SafeClientFilter Buffer Overflow Vulnerability Β· Issueβ¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SafeClientFilter Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Pro...
π¨ CVE-2025-12233
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/SafeUrlFilter Buffer Overflow Vulnerability Β· Issue #14β¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SafeUrlFilter Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Produc...
π¨ CVE-2025-12234
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/SafeMacFilter Buffer Overflow Vulnerability Β· Issue #15β¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SafeMacFilter Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Produc...
π¨ CVE-2025-12235
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1/goform/SetIpBind Buffer Overflow Vulnerability Β· Issue #16 Β·β¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SetIpBind Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Product Ro...
π¨ CVE-2025-12236
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/DhcpListClient Buffer Overflow Vulnerability Β· Issueβ¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/DhcpListClient Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Produ...
π¨ CVE-2025-12237
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
Projectworlds Advanced Library Management System Project V1.0 / index.php SQL injection Β· Issue #1 Β· juzidddd/Projectworlds-ALMSβ¦
Projectworlds Advanced Library Management System Project V1.0 / index.php SQL injection NAME OF AFFECTED PRODUCT(S) β’ Advanced Library Management System Vendor Homepage β’ https://projectworlds.com/...
π¨ CVE-2025-12238
A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
π¨ CVE-2025-12239
A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3300R/setDdnsCfg.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2025-12240
A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3300R/setDmzCfg.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2025-12241
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3300R/setLanguageCfg.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2025-12242
A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-12243
A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
π@cveNotify
π¨ CVE-2025-11682
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can upload a malicious SVG file containing a script payload to a campaign. When another user views this image on the public LMT microsite, the script executes, which can lead to session hijacking, data theft, or other unauthorized actions.This issue affects Customer Engagement & Loyalty Platform before 4.617.4.
π@cveNotify
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can upload a malicious SVG file containing a script payload to a campaign. When another user views this image on the public LMT microsite, the script executes, which can lead to session hijacking, data theft, or other unauthorized actions.This issue affects Customer Engagement & Loyalty Platform before 4.617.4.
π@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform
During a recent penetration test, Redguardβs security team identified a high-severity stored cross-site scripting (XSS) vulnerability in the Perx Customer Engagement & Loyalty Platformβs LMT Dashboard. This flaw, now assigned CVE-2025-11682, enabled an authenticatedβ¦
π¨ CVE-2025-12244
A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
π¨ CVE-2025-12245
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Hckwr
HackWare | IoT, Hardware, and Mobile Security Analysis
Welcome to HackWare - Deep in Cybersecurity. We secure web, mobile, IoT and hardware with expert testing, reverse engineering skills and asset monitoring.
π¨ CVE-2025-12246
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Hckwr
HackWare | IoT, Hardware, and Mobile Security Analysis
Welcome to HackWare - Deep in Cybersecurity. We secure web, mobile, IoT and hardware with expert testing, reverse engineering skills and asset monitoring.
π¨ CVE-2025-12247
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.
π@cveNotify
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.
π@cveNotify
GitHub
CVE-Discovery/Halseo Backupservice.md at main Β· lakshayyverma/CVE-Discovery
Contribute to lakshayyverma/CVE-Discovery development by creating an account on GitHub.
π¨ CVE-2025-12248
A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
CLTPHP Content Management System V3.0 /home/search.html SQL Injection (Boolean-Based Blind) Β· Issue #17 Β· 1276486/CVE
CLTPHP Content Management System V3.0 /home/search.html SQL Injection (Boolean-Based Blind) NAME OF AFFECTED PRODUCT(S) CLTPHP Content Management System Vendor Homepage https://cltphp.com/ AFFECTED...