VulDB Recent Entries

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-5629. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is handled as CVE-2025-5628. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. This vulnerability is known as CVE-2025-5627. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. This vulnerability is traded as CVE-2025-5626. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The identification of this vulnerability is CVE-2025-5625. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-5624. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-5623. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-5622. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-5621. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-5620. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-5619. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. This vulnerability was named CVE-2025-5618. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-5617. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is handled as CVE-2025-5616. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. This vulnerability is known as CVE-2025-5615. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. This vulnerability is traded as CVE-2025-5614. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The identification of this vulnerability is CVE-2025-5613. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. This vulnerability was named CVE-2025-5612. The attack can be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-5611. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-5610. The attack may be launched remotely. Furthermore, there is an exploit available.