5.1
CVE-2025-10026 - itsourcecode POS Point of Sale System -complex_header.php cross site scripting
A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/-complex_header.php. The manipulation of the argument scripts results in cross site scripting. It β¦
6.9
CVE-2025-10025 - PHPGurukul Online Course Registration semester.php sql injection
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publiβ¦
6.4
CVE-2025-9057 - Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-levβ¦
9.2
CVE-2025-35452 - Pan-Tilt-Zoom cameras default administrative credentials for web interface
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
2.3
CVE-2025-30198 - ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
7.5
CVE-2025-30199 - ECOVACS Vacuum and Base Station accept unsigned firmware
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
9.3
CVE-2025-35451 - Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be dβ¦
2.3
CVE-2025-30200 - ECOVACS Vacuum and Base Station Hard-Coded AES Encryption
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
2.3
CVE-2025-10014 - elunez eladmin Email Address updateEmail updateUserEmail improper authorization
A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacβ¦
8.6
CVE-2025-9709 - NRF52810 Runtime EM Fault Injection APPROTECT Bypass
On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardβ¦