π¨ CVE-2025-14222
A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
π@cveNotify
π¨ CVE-2025-14223
A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-14253
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
π@cveNotify
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
π@cveNotify
π¨ CVE-2025-14254
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
π@cveNotify
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
π@cveNotify
π¨ CVE-2025-14255
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
π@cveNotify
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
π@cveNotify
π¨ CVE-2025-66320
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2025-66321
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2025-12956
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
π@cveNotify
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
π@cveNotify
Dassault Systèmes
CVE-2025-12956 - Dassault Systèmes
Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
β€1
π¨ CVE-2025-14224
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
β€1
π¨ CVE-2025-26487
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows Server Side Request Forgery.
π@cveNotify
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows Server Side Request Forgery.
π@cveNotify
www.cvcn.gov.it
CVCN
Bootstrap Italia
π¨ CVE-2025-26488
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a
reboot of the appliance, thus causing a DoS condition, via crafted XML
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
π@cveNotify
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a
reboot of the appliance, thus causing a DoS condition, via crafted XML
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
π@cveNotify
www.cvcn.gov.it
CVCN
Bootstrap Italia
π¨ CVE-2025-26489
Improper Input Validation vulnerability in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the
appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
π@cveNotify
Improper Input Validation vulnerability in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the
appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
π@cveNotify
π¨ CVE-2025-58279
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2025-66325
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2025-66327
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2025-66328
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2025-66329
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2025-66330
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2025-14225
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
GitHub
MY_VULN_2/D-Link/vuln-1/D-Link Vulnerability.md at main Β· Madgeaaaaa/MY_VULN_2
Contribute to Madgeaaaaa/MY_VULN_2 development by creating an account on GitHub.
π¨ CVE-2025-14226
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.
π@cveNotify
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.
π@cveNotify
GitHub
itsourcecode Student Management System V1.0 SQL Injection Vulnerability Β· Issue #17 Β· ltranquility/CVE
itsourcecode Student Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Student Managemen System Vendor Homepage https://itsourcecode.com/free-projects/php-project/stude...
π¨ CVE-2025-14227
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
Philipinho's Simple-PHP-Blogεε¨sql注ε
₯ζΌζ΄ Β· Issue #1 Β· woshinenbaba/CVE-
δΌεη°θΏδΈͺidεζ°εΉΆζͺε θΏζ»€εεΌΊεΆη±»ε转εε ζ€ε―δ»₯θΏθ‘sql注ε
₯ pocοΌ POST /edit.php HTTP/1.1 Host: xxxxxx Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ...