The CVE-2025-6494 vulnerability is a heap-based buffer overflow issue in the Nokogiri library, specifically in the `hashmap_get_with_hash` function of the `gumbo-parser/src/hashmap.c` file, which can be exploited locally.
This vulnerability is a problem because it can be used by an attacker to overflow a buffer on the heap, potentially allowing them to execute arbitrary code, leading to a range of malicious activities such as data theft, system compromise, or malware installation.
This vulnerability affects the Markdown Mode in CodeMirror versions up to 5.17.0, causing inefficient regular expression complexity when manipulated, which can be launched remotely.
This vulnerability is a problem because it can be exploited remotely, potentially allowing attackers to launch a denial-of-service attack or slow down the system, which can lead to decreased performance and increased risk of further exploitation.
The CVE-2025-6492 vulnerability allows an attacker to manipulate the getRecommendTitleFromMarkdownString function in MarkText versions up to 0.17.1, causing inefficient regular expression complexity, which can be launched remotely.
This vulnerability is a problem because it can be exploited by attackers to potentially cause a denial-of-service (DoS) or disrupt the performance of the MarkText application, allowing unauthorized individuals to impact the system's availability and reliability.
The CVE-2025-6490 vulnerability is a heap-based buffer overflow issue in the Nokogiri library, specifically in the hashmap_set_with_hash function of the gumbo-parser/src/hashmap.c file, which can be exploited by a local attacker to potentially execute arbitrary code.
This vulnerability is a problem because it can be used by an attacker to overflow a buffer on the heap, potentially allowing them to execute malicious code, access sensitive data, or cause the system to crash, which can lead to security breaches, data loss, or system downtime.
The CVE-2025-6489 vulnerability allows an attacker to inject malicious SQL code into the Agri-Trading Online Shopping System 1.0 by manipulating the "del" argument in the /transactionsave.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to data breaches, financial losses, or disruptions to the online shopping system.
This vulnerability allows an attacker to cause a stack-based buffer overflow in the TOTOLINK A3002R router by manipulating the "subnet" argument in the formRoute function, which can be initiated remotely.
This vulnerability is a problem because it can be exploited by attackers to potentially gain control of the router, allowing them to steal sensitive information, disrupt network traffic, or use the router as a launching point for further attacks, posing a significant risk to the security of the network.
This vulnerability allows an attacker to cause a stack-based buffer overflow in the TOTOLINK A3002R router by manipulating the "submit-url" argument in the formWlanMultipleAP function, which can be done remotely.
This is a critical issue because it can be exploited by attackers to potentially execute arbitrary code, gain unauthorized access to the router, and compromise the security of the network, leading to data breaches, malware distribution, and other malicious activities.
This vulnerability allows an attacker to inject operating system commands into the TOTOLINK A3002R router, specifically through the formWlSiteSurvey function, by manipulating the wlanif argument, which can be done remotely.
This is a problem because it enables attackers to execute unauthorized commands on the router, potentially leading to unauthorized access, data theft, or disruption of the network, and since the exploit is publicly disclosed, attackers can easily use it to target vulnerable devices.
This vulnerability allows an attacker to inject malicious SQL code into the Online Shopping Store 1.0 application by manipulating certain arguments (cat_id, brand_id, keyword, proId, pid) in the /action.php file, potentially leading to unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the application's database, potentially resulting in data breaches, tampering, or even taking control of the entire system, which can lead to significant financial and reputational damage.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Pizza Ordering System 1.0 by manipulating the "ID" argument in the /edituser.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to data breaches, unauthorized access, or system compromise.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Pizza Ordering System 1.0 by manipulating the "userid" argument in the /edituser-exec.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to data breaches, unauthorized data modification, or even complete system compromise, which can have severe consequences for the system's security and integrity.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Pizza Ordering System 1.0 by manipulating the "ID" argument in the /update.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or extract sensitive data from the system's database, potentially leading to data breaches, unauthorized access, or disruption of services.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Pizza Ordering System 1.0 through the "textfield" argument in the /addcatexec.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, unauthorized modifications, and other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Pizza Ordering System 1.0 by manipulating the "dayfrom" argument in the /salesreport.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to data breaches, tampering, or even taking control of the system, which can have severe consequences for the business and its customers.
The CVE-2025-6478 vulnerability allows an attacker to perform a cross-site request forgery (CSRF) attack on the CodeAstro Expense Management System 1.0, which can be launched remotely.
This vulnerability is a problem because it enables an attacker to trick users into performing unintended actions on the system, potentially leading to unauthorized data modifications, financial transactions, or other malicious activities, compromising the security and integrity of the system.
This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "School Name" argument on the System Settings Page of the SourceCodester Student Result Management System 1.0, specifically affecting the /script/admin/system file.
This vulnerability is a problem because it enables remote attackers to inject malicious code into the system, potentially leading to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the system.
This vulnerability allows an attacker to perform a cross-site request forgery (CSRF) attack on the SourceCodester Gym Management System 1.0, which can be launched remotely.
This is a problem because a CSRF attack can trick users into performing unintended actions on the system, potentially leading to unauthorized data modifications, theft, or other malicious activities, compromising the security and integrity of the system.
The CVE-2025-6475 vulnerability allows an attacker to perform a cross-site scripting (XSS) attack on the Student Result Management System 1.0, specifically targeting the Manage Students Module. This occurs when an unknown processing issue in the /script/admin/manage_students file is manipulated, allowing malicious code to be executed.
This vulnerability is a problem because it enables remote attackers to inject malicious scripts into the system, potentially leading to unauthorized access, data theft, or other malicious activities. The fact that the exploit has been publicly disclosed increases the risk of attack, as malicious actors can use this information to launch targeted attacks.
This vulnerability allows an attacker to inject malicious SQL code into the Inventory Management System by manipulating the "user_id" argument in the /changeUsername.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to data breaches, unauthorized data modification, or even complete system takeover, which can have severe consequences for the security and integrity of the affected system.
This vulnerability allows an attacker to inject malicious code into the School Fees Payment System through the "transcation_remark" argument in the /fees.php file, leading to a cross-site scripting (XSS) attack that can be initiated remotely.
This vulnerability is a problem because it enables attackers to execute malicious scripts on the system, potentially stealing user data, taking control of user sessions, or performing other unauthorized actions, which can compromise the security and integrity of the payment system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Bidding System 1.0 by manipulating the "ID" argument in the /showprod.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to access and manipulate sensitive data, potentially leading to data breaches, unauthorized modifications, or even taking control of the system, which can have severe consequences for the security and integrity of the affected system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Bidding System 1.0 by manipulating the "aduser" argument in the /administrator file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or extract sensitive data from the system's database, potentially leading to data breaches, unauthorized access, or disruption of the bidding system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Bidding System 1.0 by manipulating the "ID" argument in the /bidlog.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to access and manipulate sensitive database information, which could lead to data breaches, tampering, or even full system compromise, resulting in significant security and privacy risks.
This vulnerability allows an attacker to inject malicious SQL code into the Online Bidding System 1.0 by manipulating the "ID" argument in the /details.php file, potentially giving them unauthorized access to sensitive data.
This is a problem because it enables remote attackers to exploit the system, potentially leading to data theft, modification, or deletion, which could have serious consequences for the affected organization and its users.
This vulnerability allows an attacker to inject malicious SQL code into the Online Bidding System 1.0 by manipulating the "ID" argument in the /bidnow.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, meaning an attacker can launch the attack from anywhere, and it has been publicly disclosed, making it more likely that malicious actors will attempt to use it to steal or manipulate data, compromising the security and integrity of the system.
This vulnerability allows an attacker to manipulate the "User" argument in the /login.php file of the Online Bidding System 1.0, leading to a SQL injection attack, which can be initiated remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt system operations, or gain unauthorized access to the system.
This vulnerability allows an attacker to upload unrestricted files to a system using the speechToTextTranscriptionsV2/upload function in the ruoyi-ai 2.0.0 software, potentially leading to malicious file execution or other security breaches.
This vulnerability is a problem because it enables remote attackers to upload malicious files, which could result in unauthorized access, data breaches, or disruption of system services, ultimately compromising the security and integrity of the affected system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Hotel Reservation System 1.0 by manipulating the "userid" argument in the /admin/execedituser.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to unauthorized data disclosure, modification, or deletion, which can compromise the security and integrity of the system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Hotel Reservation System 1.0 by manipulating the "Start" argument in the /reservation/demo.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or deletion, which can compromise the security and integrity of the hotel's reservation system and customer data.
This vulnerability allows an attacker to inject malicious SQL code into the Online Hotel Reservation System 1.0 by manipulating the "Start" argument in the /reservation/order.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, financial losses, and damage to the system's integrity.
This vulnerability allows an attacker to inject malicious SQL code into the Online Hotel Reservation System 1.0 by manipulating the "Name" argument in the /messageexec.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, meaning an attacker doesn't need direct access to the system to launch the attack, and it can lead to unauthorized data access, modification, or even deletion, compromising the security and integrity of the reservation system.
The CVE-2025-6453 vulnerability allows an attacker to manipulate the "dirName" argument in the ForumManageAction.java file, leading to a path traversal attack, which can be launched remotely.
This vulnerability is a problem because it enables attackers to access and potentially modify sensitive files and directories on the server, which can lead to data breaches, malware distribution, and other malicious activities, compromising the security and integrity of the system.
This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "Patient Name/Name" argument on the "Generate New Report Page" of the CodeAstro Patient Record Management System 1.0, potentially injecting malicious code into the system.
This vulnerability is a problem because it enables remote attackers to inject malicious scripts into the system, which could lead to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of patient records.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "transaction_id" argument in the /admin/delete_pending.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized modifications, or even complete system compromise, which can have severe consequences for the system's users and owners.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "transaction_id" argument in the /admin/confirm_reserve.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or extract sensitive data from the system's database, potentially leading to unauthorized access, data breaches, or disruption of the reservation system.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "transaction_id" argument in the /admin/checkout_query.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, financial loss, and reputational damage.
The CVE-2025-52923 vulnerability in Sangfor aTrust versions up to 2.4.10 allows users to modify the ExecStartPre command, which is a part of the system's startup process.
This vulnerability is a problem because it enables users to potentially execute malicious commands or modify the system's behavior during startup, which could lead to unauthorized access, data breaches, or system compromise.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "room_id" argument in the /admin/delete_room.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to data breaches, tampering, or disruption of the reservation system, which can have serious consequences for the business and its customers.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "Username" argument in the /admin/index.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to data breaches, unauthorized data modification, or even complete system compromise, which can have severe consequences for the security and integrity of the system and its data.
This vulnerability allows an attacker to perform a SQL injection attack by manipulating the "Username" argument in the /clientdetails/admin/index.php file of the Client Details System 1.0, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, fraud, and other malicious activities.
This vulnerability allows an attacker to upload files without restrictions to the Campcodes Online Recruitment Management System 1.0 by manipulating the "img" argument in the /admin/ajax.php?action=save_settings file, which is part of the About Content Page component. This can be done remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, such as viruses, malware, or backdoors, to the system, potentially leading to unauthorized access, data breaches, or system compromise.
The Yealink YMCS RPS certificate upload function fails to properly validate the content of uploaded certificates, allowing potentially invalid certificates to be uploaded.
This vulnerability is a problem because it could allow an attacker to upload a fake or malicious certificate, which could be used to intercept or manipulate sensitive data, compromising the security and trust of the system.
The Yealink YMCS system fails to block access to OpenAPI for enterprise accounts that have been frozen, allowing unauthorized users to access interfaces that should be deactivated.
This vulnerability is a problem because it enables unauthorized access to potentially sensitive areas of the system, even after the associated account has been deactivated, which can lead to data breaches, system manipulation, or other malicious activities.
The Yealink YMCS RPS API has a vulnerability that allows it to process an unlimited number of requests without any restrictions, potentially leading to the disclosure of sensitive information through excessive requests.
This vulnerability is a problem because it enables attackers to send a large number of requests to the API, which could result in unauthorized access to sensitive data, overload the system, or disrupt its functionality.
The Yealink YMCS RPS system has a vulnerability that allows attackers to perform brute-force attempts to guess the last five digits of a serial number (SN) without any limits on the number of attempts.
This vulnerability is a problem because it enables malicious actors to easily guess or crack the serial number through repeated attempts, potentially allowing unauthorized access to the system or its data.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "admin_id" argument in the /admin/add_account.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to unauthorized access, data breaches, or disruption of the reservation system.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "room_type" argument in the /admin/add_room.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or extract sensitive data from the system's database, potentially leading to unauthorized data breaches, system compromise, or other malicious activities.
This vulnerability allows an attacker to inject malicious JavaScript code into a user's browser by creating a crafted vault entry with a javascript:URL in the Psono-Client, which is used in Bitdefender SecurePass. When a user interacts with this entry, the malicious code is executed, giving the attacker control over the user's browser.
This is a problem because it enables an attacker to run arbitrary code in the victim's browser, potentially allowing them to access the user's password vault and sensitive data, compromising the user's security and privacy.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "room_type" argument in the /admin/edit_room.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data, potentially leading to data breaches, unauthorized changes to the system, and other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "Name" argument in the /admin/edit_query_account.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to access and manipulate sensitive database information, which could lead to data breaches, unauthorized account modifications, or other malicious activities, ultimately compromising the security and integrity of the system.
The CVE-2025-6417 vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System through the "awarddetails" argument in the /admin/add-artist.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the database, potentially leading to data breaches, unauthorized modifications, or even complete system compromise.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System 1.1 by manipulating the "editid" argument in the /admin/changeimage4.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the database, potentially leading to data theft, modification, or deletion, and can be exploited remotely, making it easily accessible to malicious actors.
The CVE-2025-6415 vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System 1.1 by manipulating the "editid" argument in the /admin/changeimage3.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized modifications, or even taking control of the system.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System by manipulating the "editid" argument in the /admin/changeimage2.php file, which can be done remotely.
This is a problem because SQL injection attacks can give an attacker unauthorized access to sensitive data, allowing them to modify, delete, or extract confidential information, potentially leading to data breaches, system compromises, or other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System by manipulating the "editid" argument in the /admin/changeimage1.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing direct access to the system, which can lead to data breaches, unauthorized modifications, and other malicious activities.
The CVE-2025-6412 vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System by manipulating the "editid" argument in the /admin/changeimage.php file, potentially leading to unauthorized access and data manipulation.
This vulnerability is a problem because it enables remote attackers to exploit the system, allowing them to access, modify, or extract sensitive data, which can lead to significant security breaches and data losses.
The CVE-2025-6411 vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System by manipulating the "imageid" argument in the /admin/changepropic.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized access, and other malicious activities, which can compromise the security and integrity of the system.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System by manipulating the "editid" argument in the /admin/edit-art-medium-detail.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to access and manipulate sensitive data, potentially leading to data breaches, tampering, or even taking control of the system, which can have serious consequences for the security and integrity of the data and the system as a whole.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Art Gallery Management System by manipulating the "email" argument in the /admin/forgot-password.php file, potentially giving them unauthorized access to the system's database.
This vulnerability is a problem because it enables remote attackers to access sensitive data, modify database records, or even take control of the entire system, which can lead to data breaches, system compromise, and other security threats.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Hospital Management System by manipulating the "searchdata" argument in the /doctor/search.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive hospital data without needing physical access to the system, which could lead to data breaches, unauthorized changes to medical records, and other serious security issues.
This vulnerability allows an attacker to perform a SQL injection attack by manipulating the "Username" argument in the /user-login.php file of the Campcodes Online Hospital Management System 1.0, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to inject malicious SQL code, which can lead to data breaches, unauthorized data modification, or even complete system compromise, posing a significant risk to the confidentiality, integrity, and availability of the hospital's data.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Hospital Management System by manipulating the "fullname" argument in the forgot-password.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or deletion, which could compromise patient confidentiality and the overall integrity of the hospital management system.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Teacher Record Management System 1.0 by manipulating the "editid" argument in the /admin/edit-teacher-detail.php file, which can be done remotely.
This is a problem because SQL injection attacks can give an attacker unauthorized access to sensitive data, allowing them to modify, delete, or extract confidential information, potentially leading to data breaches, system compromise, or other malicious activities.
The CVE-2025-3629 vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 allows an authenticated user to delete comments made by other users, due to a flaw in managing ownership of user comments.
This vulnerability is a problem because it can lead to the loss of important information and data integrity, as users may unintentionally or maliciously delete comments that are crucial for collaboration, decision-making, or auditing purposes.
This vulnerability allows a remote attacker to cause a denial of service in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 by sending malicious incoming requests that are not properly validated.
This vulnerability is a problem because it enables attackers to disrupt the normal functioning of the IBM InfoSphere Information Server, making it unavailable to users and potentially causing significant disruptions to business operations.
This vulnerability allows a remote attacker to conduct phishing attacks using an open redirect attack, where a victim is redirected to a malicious website that appears to be trusted, after visiting a specially crafted website.
This vulnerability is a problem because it enables attackers to trick victims into revealing highly sensitive information or conducting further attacks, by making the malicious website appear as if it is a trusted IBM Process Mining website.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Teacher Record Management System 1.0 through the "searchdata" argument in the /admin/search.php file, potentially giving them unauthorized access to sensitive data.
This SQL injection vulnerability is a problem because it can be exploited remotely, allowing attackers to access, modify, or delete sensitive data, disrupt system operations, or even take control of the entire system, compromising the security and integrity of the data and the system.
The 3D FlipBook plugin for WordPress allows attackers to inject arbitrary web scripts into pages due to insufficient input sanitization and output escaping in the 'style' and 'mode' parameters, which can execute when a user accesses the injected page.
This vulnerability is a problem because it enables authenticated attackers with Contributor-level access or higher to perform Stored Cross-Site Scripting attacks, potentially leading to unauthorized actions, data theft, or malicious activities on the affected website.
The CVE-2025-6403 vulnerability allows an attacker to inject malicious SQL code into the School Fees Payment System 1.0 by manipulating the "ID" argument in the /student.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to data breaches, unauthorized data modification, or even complete system compromise, which can have severe consequences for the affected organization and its users.
This vulnerability allows an attacker to cause a buffer overflow in the TOTOLINK X15 router by manipulating the "submit-url" argument in an HTTP POST request to the /boafrm/formIpv6Setup file, which can be initiated remotely.
This vulnerability is a problem because it can be exploited remotely, allowing an attacker to potentially gain control of the router, disrupt its functionality, or use it as a launching point for further attacks on the network, posing a significant risk to the security and integrity of the affected system.
The CVE-2025-6401 vulnerability allows an attacker to manipulate the "url" argument in the HTTP POST message handler of the TOTOLINK N300RH router, specifically in the /boafrm/formFilter component, which can lead to a denial of service.
This vulnerability is a problem because it can be exploited to disrupt the normal functioning of the router, making it unavailable for legitimate users and potentially causing network downtime, which can have significant consequences for individuals and organizations relying on the affected router for internet access.
The TableOn WordPress Posts Table Filterable plugin has a vulnerability that allows attackers to inject malicious scripts into website pages using a specific shortcode, due to poor input validation and escaping of user-supplied attributes.
This vulnerability is a problem because it enables authenticated attackers with contributor-level access or higher to execute arbitrary web scripts on pages, potentially leading to unauthorized actions, data theft, or malware distribution whenever a user visits the compromised page.
This vulnerability allows an attacker to overflow a buffer in the TOTOLINK N300RH router by manipulating the "service_type" argument in an HTTP POST message, potentially giving them control over the device.
This vulnerability is a problem because it can be exploited remotely, meaning an attacker doesn't need physical access to the router to launch an attack. The fact that the exploit has been publicly disclosed also increases the risk, as malicious actors can use the available information to launch attacks.
The wp-file-download WordPress plugin, versions before 6.2.6, fails to properly clean and secure a parameter before displaying it on a webpage, allowing for a Reflected Cross-Site Scripting (XSS) attack.
This vulnerability is a problem because it enables attackers to inject malicious scripts into websites, potentially stealing user data, taking control of user sessions, or performing other harmful actions, which can compromise the security and integrity of the website and its users.
This vulnerability allows an attacker to cause a buffer overflow in the TOTOLINK X15 router by manipulating the "submit-url" argument in an HTTP POST request to the /boafrm/formIPv6Addr file, potentially enabling remote code execution.
This is a problem because it can be exploited remotely, meaning an attacker doesn't need physical access to the device to launch the attack, and the exploit has been publicly disclosed, making it easier for malicious actors to use it, which could lead to unauthorized access, data theft, or device takeover.
The LastRoute Parameter on the FastGPT login page is vulnerable to open redirect and DOM-based XSS attacks, allowing attackers to execute malicious JavaScript or redirect users to attacker-controlled sites due to improper validation and lack of sanitization.
This vulnerability is a problem because it enables attackers to trick users into revealing sensitive information, execute malicious code, or redirect them to phishing sites, potentially leading to data breaches, financial loss, or other malicious activities.
The CVE-2025-52488 vulnerability in DNN (formerly DotNetNuke) allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server, affecting versions 6.0.0 to before 10.0.1.
This vulnerability is a problem because it could allow unauthorized access to sensitive information, specifically NTLM hashes, which can be used to gain access to the network and potentially lead to further malicious activities.
This vulnerability allows a specially crafted request to bypass the login IP filters in DNN (DotNetNuke) content management platform, enabling login attempts from IP addresses that are not on the allowed list.
This vulnerability is a problem because it could allow unauthorized access to the platform from restricted IP addresses, potentially leading to security breaches, data theft, or other malicious activities.
The CVE-2025-52486 vulnerability allows specially crafted content in URLs to bypass proper sanitization by certain SkinObjects in the DNN web content management platform, potentially leading to unauthorized actions through the TokenReplace feature.
This vulnerability is a problem because it could enable attackers to inject malicious content or code into the platform, potentially compromising the security and integrity of the website, its data, and its users.
This vulnerability allows an attacker to inject scripts into the Activity Feed Attachments endpoint of the DNN web content management platform, which can then be rendered in the feed, potentially leading to unauthorized code execution.
This vulnerability is a problem because it enables attackers to inject malicious scripts, potentially allowing them to steal user data, take control of user accounts, or perform other malicious actions, compromising the security and integrity of the platform.
This vulnerability allows an attacker to inject malicious SQL code into the Simple Online Hotel Reservation System 1.0 by manipulating the "firstname" argument in the /add_reserve.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, and since the exploit has been made public, it's likely that malicious actors will attempt to use it.
This vulnerability allows an attacker to craft a malicious email that executes JavaScript code, potentially leading to session hijacking, due to improper sanitization in Mail-0's Zero email solution version 0.8.
This vulnerability is a problem because it enables attackers to gain unauthorized access to user sessions, which can result in sensitive information theft, account takeover, and other malicious activities.
The CVE-2025-52556 vulnerability is a flaw in the rfc3161-client Python library that fails to properly verify the signature of timestamp responses, allowing an attacker to introduce a fake signature as long as it chains up to a trusted root.
This vulnerability is a problem because it enables attackers to manipulate timestamp responses, potentially allowing them to fake the timing of events or documents, which can have serious consequences in applications that rely on trusted timestamps, such as digital signatures and document authentication.
This vulnerability allows an attacker to overflow a buffer in the TOTOLINK router's HTTP POST Request Handler by manipulating the "submit-url" argument in the /boafrm/formIPv6Addr file, potentially leading to remote code execution.
This vulnerability is a problem because it can be exploited remotely, allowing an attacker to gain control of the affected router without physical access, which could lead to unauthorized access to the network, data theft, or other malicious activities.
The CVE-2025-6375 vulnerability is a null pointer dereference issue in the MultipartInputStream function of the POCO library, specifically in the Net/src/MultipartReader.cpp file, which can be exploited locally.
This vulnerability is a problem because it allows an attacker to manipulate the function, leading to a null pointer dereference, which can cause the program to crash or potentially execute arbitrary code, compromising the security of the system.
This vulnerability allows an attacker to cause a stack-based buffer overflow in the D-Link DIR-619L router by manipulating the "curTime" argument in the formSetACLFilter function, potentially leading to remote code execution.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to gain control over the affected router, which could lead to unauthorized access to the network, data theft, or other malicious activities, especially since the exploit has been publicly disclosed.
The CVE-2025-6218 vulnerability allows attackers to execute arbitrary code on computers with affected RARLAB WinRAR installations by tricking users into visiting malicious websites or opening malicious files, which can lead to unauthorized access and code execution.
This vulnerability is a problem because it enables remote attackers to gain control over a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which can occur in the context of the current user's permissions.
This vulnerability, found in the PEAK-System Driver, allows a local attacker to access sensitive information on the system by exploiting a flaw in the handling of the PCANFD_ADD_FILTERS IOCTL, which lacks proper locking mechanisms.
This vulnerability is a problem because it can be used by an attacker to disclose sensitive information and potentially execute arbitrary code in the context of the kernel, which could lead to a complete system compromise, especially when combined with other vulnerabilities.
This vulnerability allows remote attackers to bypass authentication on Allegra installations by exploiting a flaw in the password recovery mechanism, which relies on a predictable value to generate password reset tokens.
This vulnerability is a problem because it enables unauthorized access to Allegra, allowing attackers to bypass security measures without requiring any authentication, which can lead to unauthorized data access, modification, or other malicious activities.
This vulnerability allows attackers to bypass authentication on Sony XAV-AX8500 devices using Bluetooth, giving them unauthorized access to the system without requiring any authentication credentials.
This vulnerability is a problem because it enables network-adjacent attackers to gain access to the device without permission, potentially allowing them to steal sensitive information, disrupt system functionality, or take control of the device.
This vulnerability allows an attacker to execute arbitrary code on Sony XAV-AX8500 devices by exploiting a heap-based buffer overflow in the Bluetooth AVCTP protocol, which occurs when a malicious Bluetooth device is paired with the target system.
This vulnerability is a problem because it enables network-adjacent attackers to gain control over affected devices, potentially leading to unauthorized access, data theft, or other malicious activities, by exploiting the lack of proper validation of user-supplied data.
This vulnerability allows an attacker to execute arbitrary code on Sony XAV-AX8500 devices by exploiting an integer overflow in the Bluetooth SDP protocol, which occurs due to the lack of proper validation of user-supplied data.
This vulnerability is a problem because it enables network-adjacent attackers to gain control over the device without requiring authentication, potentially leading to unauthorized access and malicious activities, all executed with root-level privileges.
This vulnerability allows an attacker to execute arbitrary code on Sony XAV-AX8500 devices by exploiting a heap-based buffer overflow in the Bluetooth L2CAP protocol, which occurs when a malicious Bluetooth device is paired with the target system.
This vulnerability is a problem because it enables network-adjacent attackers to gain control over affected devices, potentially leading to unauthorized access, data theft, or other malicious activities, by exploiting the lack of proper validation of user-supplied data.
The CVE-2025-5476 vulnerability allows an attacker to bypass authentication on Sony XAV-AX8500 devices with Bluetooth capabilities, without requiring any authentication, by exploiting a flaw in the implementation of ACL-U links due to the lack of L2CAP channel isolation.
This vulnerability is a problem because it enables network-adjacent attackers to access the device without authorization, potentially leading to unauthorized control, data theft, or other malicious activities, compromising the security and integrity of the device.
The CVE-2025-5475 vulnerability allows an attacker to execute arbitrary code on Sony XAV-AX8500 devices by sending malicious Bluetooth packets, which can cause an integer overflow and enable remote code execution.
This vulnerability is a problem because it enables network-adjacent attackers to take control of affected devices, potentially leading to unauthorized access, data theft, or other malicious activities, by exploiting the lack of proper validation of user-supplied Bluetooth data.
This vulnerability allows an attacker to cause a stack-based buffer overflow in the D-Link DIR-619L router by manipulating the "curTime" argument in the formSetWizard1 function, which can be initiated remotely.
This is a problem because it can be exploited by attackers to potentially execute arbitrary code, gain unauthorized access, or crash the system, leading to a loss of security and control over the affected device, with a severity score of 8.8 indicating a critical level of risk.
This vulnerability allows an attacker to cause a stack-based buffer overflow in the D-Link DIR-619L router by manipulating the "curTime" argument in the "formSetWizard1" function, which can be done remotely.
This is a problem because it can be exploited by attackers to potentially execute arbitrary code, gain unauthorized access, or disrupt the normal functioning of the affected device, and since the exploit has been publicly disclosed, it's likely that malicious actors may try to take advantage of it.
This vulnerability allows an attacker to exploit a stack-based buffer overflow in the D-Link DIR-619L router's formSetEnableWizard function by manipulating the curTime argument, potentially leading to remote code execution.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to gain unauthorized access to the router and potentially compromise the entire network, leading to data theft, malware distribution, or other malicious activities.
This vulnerability allows an attacker to overflow a buffer on the stack by manipulating the "curTime" argument in the "formWlanGuestSetup" function of certain D-Link DIR-619L routers, potentially enabling remote code execution.
This is a critical issue because it can be exploited remotely, meaning an attacker doesn't need physical access to the device to launch the attack. Since the exploit has been publicly disclosed, malicious actors may use it to compromise vulnerable routers, potentially leading to unauthorized access, data theft, or other malicious activities.
This vulnerability allows an attacker to exploit a stack-based buffer overflow in the D-Link DIR-619L router's formdumpeasysetup function by manipulating a specific argument, potentially allowing remote code execution.
This is a critical issue because it can be exploited remotely, meaning an attacker doesn't need physical access to the router to launch the attack, and it may allow them to gain control over the device, compromising the security of the network and potentially leading to data theft or other malicious activities.