5.1
CVE-2025-9734 - O2OA Personal Profile stat cross site scripting
A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. β¦
6.9
CVE-2025-9733 - code-projects Human Resource Integrated System login_timeee.php sql injection
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Performing manipulation of the argument emp_id results in sql injection. The attack may be initiated remotely. The exploit has been released to β¦
4.8
CVE-2025-9732 - DCMTK dcm2img diybrpxt.h memory corruption
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69β¦
2
CVE-2025-9731 - Tenda AC9 Administrative shadow hard-coded credentials
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity β¦
6.9
CVE-2025-9730 - itsourcecode Apartment Management System updateProfile.php sql injection
A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made publβ¦
6.9
CVE-2025-9729 - PHPGurukul Online Course Registration student-registration.php sql injection
A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. The attack is possible to be carried out remotely. The exploiβ¦
5.3
CVE-2025-9728 - givanz Vvveb login.tpl cross site scripting
A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is bbd4c42c66ab8181422β¦
5.3
CVE-2025-9727 - D-Link DIR-816L soap.cgi soapcgi_main os command injection
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the publiβ¦
6.9
CVE-2025-9726 - Campcodes Farm Management System review.php sql injection
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the pβ¦
2
CVE-2025-9725 - Cudy LT500E Web shadow hard-coded password
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high. Tβ¦