๐จ CVE-2025-15193
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
๐@cveNotify
GitHub
vuls/d-link/dwr-m920/formParentControl.md at main ยท panda666-888/vuls
Contribute to panda666-888/vuls development by creating an account on GitHub.
๐ฅ1
๐จ CVE-2025-15073
A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
GitHub
# itsourcecode Online Frozen Foods Ordering System V1.0 "/frozenfoodssystem/contact_us.php" SQL injection ยท Issue #1 ยท 24ggee/CVE
itsourcecode Online Frozen Foods Ordering System V1.0 "/frozenfoodssystem/contact_us.php" SQL injection NAME OF AFFECTED PRODUCT(S) Online Frozen Foods Ordering System Vendor Homepage htt...
๐จ CVE-2025-15074
A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
๐@cveNotify
GitHub
# itsourcecode Online Frozen Foods Ordering System V1.0 "/frozenfoodssystem/customer_details.php" SQL injection ยท Issue #1โฆ
itsourcecode Online Frozen Foods Ordering System V1.0 "/frozenfoodssystem/customer_details.php" SQL injection NAME OF AFFECTED PRODUCT(S) Online Frozen Foods Ordering System Vendor Homepa...
๐จ CVE-2025-15182
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
๐จ CVE-2025-15183
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
๐จ CVE-2025-15184
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
๐@cveNotify
๐จ CVE-2025-15185
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
๐@cveNotify
๐ฅ1
๐จ CVE-2025-15049
A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
๐@cveNotify
๐จ CVE-2025-15075
A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
๐@cveNotify
A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
๐@cveNotify
GitHub
itsourcecode Student Management System V1.0 SQL Injection Vulnerability ยท Issue #30 ยท ltranquility/CVE
itsourcecode Student Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Student Managemen System Vendor Homepage https://itsourcecode.com/free-projects/php-project/stude...
๐จ CVE-2025-15077
A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
GitHub
itsourcecode Student Management System V1.0 SQL Injection Vulnerability ยท Issue #2 ยท BUPT424201/CVE
itsourcecode Student Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Student Managemen System Vendor Homepage https://itsourcecode.com/free-projects/php-project/stude...
๐จ CVE-2025-15078
A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
๐@cveNotify
GitHub
itsourcecode Student Management System V1.0 SQL Injection Vulnerability ยท Issue #3 ยท BUPT424201/CVE
itsourcecode Student Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Student Managemen System Vendor Homepage https://itsourcecode.com/free-projects/php-project/stude...
๐จ CVE-2025-15160
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_WH450/PPTPServer/PPTPServer.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.
๐จ CVE-2025-15161
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
๐@cveNotify
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_WH450/PPTPUserSetting/PPTPUserSetting.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.
๐จ CVE-2025-47504
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce, WPFactory Customer Email Verification for WooCommerce allows Stored XSS.This issue affects Custom Checkout Fields for WooCommerce: from n/a through 1.8.3; Customer Email Verification for WooCommerce: from n/a through 3.0.2.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce, WPFactory Customer Email Verification for WooCommerce allows Stored XSS.This issue affects Custom Checkout Fields for WooCommerce: from n/a through 1.8.3; Customer Email Verification for WooCommerce: from n/a through 3.0.2.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Custom Checkout Fields for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2025-15002
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2025-15003
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
๐@cveNotify
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
๐@cveNotify
๐จ CVE-2025-15006
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_WH450/CheckTools/CheckTools.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.
๐จ CVE-2025-15007
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_WH450/L7Im/L7Im.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.
๐จ CVE-2025-15008
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.
๐จ CVE-2025-15199
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
๐@cveNotify
๐จ CVE-2025-15200
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /client/show/exceptionStatistics/client ยท Issue #372 ยท sohutv/cachecloud
XSS vulnerability on /client/show/exceptionStatistics/client Summary In the latest version (v3.2) of CacheCloud, the endpoint /client/show/exceptionStatistics/client does not encode user-controllab...