Aggregator

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. This vulnerability is traded as CVE-2025-9244. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #631526 / VDB-320784

Submit #631525 / VDB-320783

Submit #631524 / VDB-320782

Submit #631523 / VDB-320781

Submit #631522 / VDB-320780

Submit #631521 / VDB-320779

Submit #631520 / VDB-320778

Submit #631519 / VDB-320777

Submit #631518 / VDB-320776

Submit #631517 / VDB-320775

A vulnerability was found in elunez eladmin up to 2.7. It has been classified as problematic. This affects the function exportUser. This manipulation causes csv injection. This vulnerability appears as CVE-2025-9241. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in elunez eladmin up to 2.7 and classified as problematic. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-9240. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in elunez eladmin up to 2.7 and classified as problematic. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. This vulnerability is documented as CVE-2025-9239. The attack can be initiated remotely. There is not any exploit available.

Submit #634313 / VDB-199683

Submit #631473 / VDB-320774

Submit #631424 / VDB-320773

Submit #631393 / VDB-320772

A vulnerability, which was classified as critical, was found in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. This vulnerability is registered as CVE-2025-9238. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. This vulnerability is cataloged as CVE-2025-9237. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.