Security Vulnerabilities
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-21
A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-08-21
Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-21
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-21
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-21
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-21
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-21
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-21
A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-21
A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-21