Tagged: Cybersecurity Alert

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. More information : https://drive.google.com/file/d/1YTKUiYXMsaAEoasx7xbQxy2tsrC5E3Ew/view?usp=sharing

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. More information : https://drive.google.com/file/d/1-XpZmT_Yw5JtygQJ6HZBRnC5IjlAnLQO/view?usp=sharing

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw(‘field(goods_id, …)’), allowing attackers to: (a) enumerate or modify database data,...

VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp. More information : http://vitaracharts.com

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to...

YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes,...

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. More information : https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-2025-61096

Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...

Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...

Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...

Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...

PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation...

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section. More information : https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-2025-61087

Cross-site scripting (XSS) vulnerability reflected in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL. The relationship between parameter and assigned identifier...