A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Stored Cross-Site Scripting in the Educenter WordPress theme Circle Counter Block allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into pages, executing when users visit affected content. The vulnerability stems from insufficient input sanitization in the circle-counter.php block component (versions up to 1.6.2) and affects all users viewing injected pages. CVSS 6.4 (medium) reflects the requirement for authenticated access and limited scope; no public exploit code or active exploitation has been confirmed at time of analysis.
A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.