Search

Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-12928 2 Code-projects, Fabian 2 Online Job Search Engine, Online Job Search Engine 2025-11-17 7.3 High
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2025-13075 2 Codeprojects, Fabian 2 Responsive Hotel Site, Responsive Hotel Site 2025-11-17 4.7 Medium
A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-13076 2 Codeprojects, Fabian 2 Responsive Hotel Site, Responsive Hotel Site 2025-11-17 4.7 Medium
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-60682 1 Totolink 2 A720r, A720r Firmware 2025-11-17 6.5 Medium
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device.
CVE-2025-60683 1 Totolink 2 A720r, A720r Firmware 2025-11-17 6.5 Medium
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device.
CVE-2025-13216 2025-11-17 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-0583 1 Aenrich 1 A\+hrd 2025-11-17 6.1 Medium
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2025-0584 1 Aenrich 1 A\+hrd 2025-11-17 5.3 Medium
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.
CVE-2025-0585 1 Aenrich 1 A\+hrd 2025-11-17 9.8 Critical
The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-0586 1 Aenrich 1 A\+hrd 2025-11-17 7.2 High
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.
CVE-2025-63149 1 Tenda 2 Ax3, Ax3 Firmware 2025-11-17 7.5 High
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63455 1 Tenda 2 Ax3, Ax3 Firmware 2025-11-17 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63152 1 Tenda 2 Ax3, Ax3 Firmware 2025-11-17 7.5 High
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-10081 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Management System 2025-11-17 4.7 Medium
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2025-10085 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-11-17 6.3 Medium
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10083 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-11-17 6.3 Medium
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2025-10087 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-11-17 4.7 Medium
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-60675 2 D-link, Dlink 4 Dir-823g, Dir-823g Firmware, Dir-823g and 1 more 2025-11-17 5.4 Medium
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device.
CVE-2025-60671 2 D-link, Dlink 4 Dir-823g, Dir-823g Firmware, Dir-823g and 1 more 2025-11-17 5.4 Medium
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device.
CVE-2025-60674 1 Dlink 2 Dir-878, Dir-878 Firmware 2025-11-17 6.8 Medium
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device.