Aggregator

A vulnerability was found in oitcode samarium up to 0.9.6. It has been declared as problematic. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9422. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #634128 / VDB-321266

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-9421. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. This vulnerability is tracked as CVE-2025-9420. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in itsourcecode Apartment Management System 1.0 and classified as critical. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-9419. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, was found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9418. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2025-9417. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-9416. The attack may be performed from a remote location. In addition, an exploit is available.

Submit #634084 / VDB-321265

据悉至少130余万人受影响

Submit #634077 / VDB-321264

Submit #634076 / VDB-321263

Submit #634075 / VDB-321262

Submit #634074 / VDB-321261

Submit #634073 / VDB-321260

A vulnerability classified as critical has been found in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-9415. The attack is possible to be carried out remotely. Moreover, an exploit is present.

本报告总结2025上半年漏洞态势与安全问题，从漏洞管理视角提出分析与实践建议

Submit #633921 / VDB-321259