Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk. Version 3.3.7 fixes the issue. Owners of instances that allow everyone to create a user account, who wish to truly restrict access to these user details, should consider restricting user search to managers. As a workaround, it is possible to restrict access to the affected endpoints (e.g. in the webserver config), but doing so would break certain form fields which could no longer show the details of the users listed in those fields, so upgrading instead is highly recommended.
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `tipo_relatorio` parameter. Version 3.4.5 has a patch for the issue.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `erro` parameter. Version 3.4.5 contains a patch for the issue.
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
CVE-2025-7587 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cover.php endpoint where uname and psw parameters are not properly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, authentication bypass, and database manipulation. The vulnerability has been publicly disclosed with working exploits available, making active exploitation highly probable in the wild.
CVE-2025-7576 is a critical improper access control vulnerability affecting Teledyne FLIR thermal imaging devices (FB-Series O and FH-Series) running firmware version 1.3.2.16 and earlier. An unauthenticated remote attacker can exploit the vulnerable /priv/production/production.html endpoint to gain unauthorized access with low complexity, potentially reading, modifying, or disrupting system availability. Public exploit code exists and the vendor has not responded to disclosure, increasing real-world exploitation risk.
PHPGurukul Hospital Management System 4.0 contains a critical SQL injection vulnerability in the /user-login.php file's Username parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, enabling unauthorized access to sensitive hospital patient data, user credentials, and potential system compromise. With a CVSS score of 7.3 and an attack vector requiring only network access and no authentication, this represents an immediate threat to healthcare organizations running affected versions.
A critical SQL injection vulnerability exists in code-projects Job Diary 1.0 via the ID parameter in /view-cad.php, allowing unauthenticated remote attackers to execute arbitrary SQL commands and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and while the CVSS score is 7.3 (High), the unauthenticated attack vector and low complexity suggest active exploitation is likely. No patch has been confirmed available as of this analysis.
CVE-2025-7594 is a critical SQL injection vulnerability in code-projects Job Diary version 1.0 affecting the /view-emp.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the low attack complexity combined with network accessibility makes this a high-priority threat requiring immediate patching.
CVE-2025-7593 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-all.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive data, modify records, or disrupt application availability. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high impact across confidentiality, integrity, and availability. This represents an active threat requiring immediate patching.
CVE-2025-7612 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /login.php file's email parameter, allowing remote unauthenticated attackers to execute arbitrary SQL queries and potentially extract or modify sensitive data. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild. With a CVSS score of 7.3 and demonstrated public PoC availability, this represents an immediate threat to deployments of this product.
CVE-2025-7611 is a critical SQL injection vulnerability in code-projects Wedding Reservation version 1.0, affecting the /global.php file's 'lu' parameter. Remote unauthenticated attackers can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.
CVE-2025-7610 is a critical SQL injection vulnerability in code-projects Electricity Billing System 1.0 affecting the password change functionality at /user/change_password.php. An unauthenticated remote attacker can inject arbitrary SQL commands through the new_password parameter to read, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation highly probable.
CVE-2025-7609 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /register.php endpoint via the ruser_email parameter. An unauthenticated remote attacker can exploit this to read, modify, or delete database contents, potentially compromising user data and application integrity. Public exploit code exists, increasing real-world exploitation risk.
CVE-2025-7608 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /userlogin.php endpoint's user_email parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept exploit code available, and while the CVSS score is 7.3 (moderate-to-high severity), the low attack complexity and lack of authentication requirements make this a high-priority exploit target for threat actors.
CVE-2025-7607 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /Customers/save_order.php file, where the order_price parameter is improperly sanitized, allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has a public exploit disclosure and carries a CVSS score of 7.3 with demonstrated real-world exploitation potential, making it a high-priority security concern for affected deployments.
CVE-2025-7605 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 affecting the /profile.php endpoint via the first_name parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system compromise. Public exploit code is available and the vulnerability is likely to be actively exploited given its network-accessible nature, low attack complexity, and lack of authentication requirements.
CVE-2025-7606 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 affecting the /city.php file, where the 'city' parameter is improperly sanitized, allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has a CVSS score of 7.3 (High) with confirmed public exploit disclosure and active exploitation potential, enabling attackers to read, modify, or delete database contents without authentication.
A arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. Version 3.4.4 fixes the issue.
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
A remote code execution vulnerability in Dromara Northstar (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.
A security vulnerability in A vulnerability in the External Interface of OTRS (CVSS 5.3) that allows conclusions. Remediation should follow standard vulnerability management procedures.
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way.
A stored Cross-Site Scripting (XSS) vulnerability vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser and used with the affected applications. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier.
A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM, the issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is subsequently displayed in the user interface. This allows attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive data. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.
A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_delete_ajax of the file submit.php. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 1.0.78 is able to address this issue. The identifier of the patch is 98ea9ee4a2052c4327f89d2f7688cc1b5749450d. It is recommended to upgrade the affected component.
py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.