Security Vulnerabilities
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-09
A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-09
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-09
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-09
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the
CLI Configlet
page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-09
A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change.
Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced.
This does not allow users to login with a wrong password, but only with the correct but expired one.
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R1-S3, 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S4-EVO,
* 23.4 versions before 23.4R2-S5-EVO,
* 24.2 versions before 24.2R2-S1-EVO,
* 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-09
A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change.
Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced.
This does not allow users to login with a wrong password, but only with the correct but expired one.
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R1-S3, 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S4-EVO,
* 23.4 versions before 23.4R2-S5-EVO,
* 24.2 versions before 24.2R2-S1-EVO,
* 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-09
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-09
code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-10-09
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-09