4.3
CVE-2025-25621 -
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
6.9
CVE-2025-2353 - VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_id/plane_icao leads to sql injection. It is β¦
4.8
CVE-2025-2352 - StarSea99 starsea-mall Backend save cross site scripting
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may bβ¦
6.9
CVE-2025-2351 - DayCloud StudentManage Login Endpoint adminScoreUrl sql injection
A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit β¦
5.3
CVE-2025-2350 - IROAD Dash Cam FX2 upload_file unrestricted upload
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. Theβ¦
2.3
CVE-2025-2349 - IROAD Dash Cam FX2 Password Hash passwd weak password hash
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effβ¦
5.3
CVE-2025-2348 - IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local networβ¦
5.3
CVE-2025-2347 - IROAD Dash Cam FX2 Device Registration default password
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to beβ¦
6.3
CVE-2025-2346 - IROAD Dash Cam X5/Dash Cam X6 Domain origin validation
A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotβ¦
9.3
CVE-2025-2345 - IROAD Dash Cam X5/Dash Cam X6 improper authorization
A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosureβ¦