CVE-2025-60660
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. More information : https://drive.google.com/file/d/1YTKUiYXMsaAEoasx7xbQxy2tsrC5E3Ew/view?usp=sharing
Category: Vulnerabilities
CVE-2025-60662
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. More information : https://drive.google.com/file/d/1-XpZmT_Yw5JtygQJ6HZBRnC5IjlAnLQO/view?usp=sharing
CVE-2025-56162
YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw(‘field(goods_id, …)’), allowing attackers to: (a) enumerate or modify database data,...
CVE-2025-57305
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp. More information : http://vitaracharts.com
CVE-2025-56154
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to...
CVE-2025-56161
YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes,...
CVE-2025-59771
Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...
CVE-2025-59772
Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...
CVE-2025-59773
Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...
CVE-2025-59774
Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...
CVE-2025-60782
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation...
CVE-2025-61087
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section. More information : https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-2025-61087
CVE-2025-61096
PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. More information : https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-2025-61096
CVE-2025-59765
Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...