- CVE-2025-3331 • published on April 7, 2025
  A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. It affects unknown processing in the file /payment_save.php. Manipulation of the argument mode leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- CVE-2025-3330 • published on April 7, 2025
  A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. It affects unknown code in the file /reservation_save.php. Manipulation of the argument first leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
- CVE-2025-3329 • published on April 7, 2025
  A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. It affects an unknown part of the component Restaurant Order Handler. Manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated from within the local network. The complexity of an attack is rather high, and exploitation is considered difficult. The exploit has been disclosed to the public and may be used.
- CVE-2025-3328 • published on April 7, 2025
  A vulnerability classified as critical was found in Tenda AC1206 15.03.06.23. Affected is the function form_fast_setting_wifi_set in the file /goform/fast_setting_wifi_set. Manipulation of the argument ssid/timeZone leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
- CVE-2025-3327 • published on April 7, 2025
  A vulnerability classified as problematic was found in iteaj iboot ????? 1.1.3. It affects unknown processing in the file /common/upload/batch of the component File Upload. Manipulation of the argument File leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- CVE-2024-46494 • published on April 7, 2025
  A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter of a comment on an article.
- CVE-2025-28400 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the postID parameter of the edit method.
- CVE-2025-28403 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings.
- CVE-2025-28409 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId.
- CVE-2025-28406 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter.
- CVE-2025-28407 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId.
- CVE-2025-28401 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the menuId parameter.
- CVE-2025-28408 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter.
- CVE-2025-28410 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges.
- CVE-2025-28413 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component.
- CVE-2025-28402 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the jobId parameter.
- CVE-2025-28405 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the changeStatus method.
- CVE-2025-28411 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the editSave method at /tool/gen/editSave.
- CVE-2025-28412 • published on April 7, 2025
  An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the /editSave method of SysNoticeController.
- CVE-2025-29087 • published on April 7, 2025
  In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can write memory beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and is a large string (e.g., 2MB or more), an integer overflow occurs when calculating the size of the result buffer, so malloc may not allocate enough memory.