5.1
CVE-2025-12226 - SourceCodester Best House Rental Management System admin_class.php save_house sql injection
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made β¦
8.7
CVE-2025-12225 - Tenda AC6 HTTP Request WifiGuestSet stack-based overflow
A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The expβ¦
5.1
CVE-2025-12224 - Iqbolshoh php-business-website contact.php cross site scripting
A flaw has been found in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument twitter causes cross site scripting. The attack may be initiated remotely. The exploit hasβ¦
5.3
CVE-2025-12223 - Bdtask Flight Booking Software Package Information package-information unrestricted upload
A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public anβ¦
5.3
CVE-2025-12222 - Bdtask Flight Booking Software Deposit deposit unrestricted upload
A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. β¦
6.9
CVE-2025-12215 - projectworlds Online Shopping System login_submit.php sql injection
A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
8.7
CVE-2025-12214 - Tenda O3 sysAutoReboot GetValue stack-based overflow
A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/GetValue of the file /goform/sysAutoReboot. Performing a manipulation of the argument enable results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and β¦
8.7
CVE-2025-12213 - Tenda O3 setVlanConfig GetValue stack-based overflow
A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been dβ¦
8.7
CVE-2025-12212 - Tenda O3 setNetworkService GetValue stack-based overflow
A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to theβ¦
8.7
CVE-2025-12211 - Tenda O3 setDmzInfo GetValue stack-based overflow
A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been β¦