6.9
CVE-2025-14661 - itsourcecode Student Managemen System advisers.php sql injection
A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the publicβ¦
6.3
CVE-2025-14660 - DecoCMS Mesh Workspace Domain api.ts createTool access control
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be β¦
8.7
CVE-2025-14659 - D-Link DIR-860LB1/DIR-868LB1 DHCP command injection
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be usβ¦
8.7
CVE-2025-14656 - Tenda AC20 openSchedWifi httpd buffer overflow
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available tβ¦
8.7
CVE-2025-14655 - Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible toβ¦
8.7
CVE-2025-14654 - Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploiβ¦
6.9
CVE-2025-14653 - itsourcecode Student Management System addrecord.php sql injection
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilβ¦
6.9
CVE-2025-14652 - itsourcecode Online Cake Ordering System admindetail.php sql injection
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and couβ¦
6.3
CVE-2025-14651 - MartialBE one-hub docker-compose.yml hard-coded key
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attacβ¦
6.9
CVE-2025-14650 - itsourcecode Online Cake Ordering System product.php sql injection
A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.