6.9
CVE-2025-10025 - PHPGurukul Online Course Registration semester.php sql injection
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publiβ¦
6.4
CVE-2025-9057 - Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-levβ¦
9.2
CVE-2025-35452 - Pan-Tilt-Zoom cameras default administrative credentials for web interface
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
2.3
CVE-2025-30198 - ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
7.5
CVE-2025-30199 - ECOVACS Vacuum and Base Station accept unsigned firmware
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
9.3
CVE-2025-35451 - Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be dβ¦
2.3
CVE-2025-30200 - ECOVACS Vacuum and Base Station Hard-Coded AES Encryption
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
2.3
CVE-2025-10014 - elunez eladmin Email Address updateEmail updateUserEmail improper authorization
A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacβ¦
0.0
CVE-2025-39726 - s390/ism: fix concurrency management in ism_cmd()
In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism β¦
0.0
CVE-2025-39725 - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list In shrink_folio_list(), the hwpoisoned folio may be large folio, which can't be handled by unmap_poisoned_folio(). For THP, try_to_unmap_one() must be passed wiβ¦