A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-8974: Hard-coded Credentials in linlinjava litemall affecting linlinjava litemall. Get real-time updates, technical details,

CVE-2025-8974: Hard-coded Credentials in linlinjava litemall - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8974: Hard-coded Credentials in linlinjava litemall

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-8973: SQL Injection in SourceCodester Cashier Queuing System affecting SourceCodester Cashier Queuing System. Get real-time 

CVE-2025-8973: SQL Injection in SourceCodester Cashier Queuing System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8973: SQL Injection in SourceCodester Cashier Queuing System

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8972 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Online Tour and Travel Management System. The vulnerability arises from improper sanitization or validation of the 'email' parameter in the /admin/page-login.php file. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially altering the intended SQL queries executed by the backend database. This can lead to unauthorized data access, data modification, or even complete compromise of the database. The vulnerability does not require authentication or user interaction, making it accessible to unauthenticated remote attackers. The CVSS 4.0 base score is 6.9 (medium severity), reflecting a network attack vector with low complexity and no privileges or user interaction required. The impact on confidentiality, integrity, and availability is limited but present, as the vulnerability allows partial compromise of the database. No official patches or mitigations have been published yet, and while no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of exploitation.

Detailed information about CVE-2025-8972: SQL Injection in itsourcecode Online Tour and Travel Management System affecting itsourcecode Online Tour and Travel M

CVE-2025-8972: SQL Injection in itsourcecode Online Tour and Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8972: SQL Injection in itsourcecode Online Tour and Travel Management System

An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet.

CVE-2025-51986 is a vulnerability identified in the demo/LINUXTCP implementation of the cwalter-at freemodbus software, specifically the version dated 2018-09-12. The vulnerability arises from improper handling of a crafted length value within a packet processed by the TCP implementation. An attacker can exploit this flaw by sending a specially crafted packet with a manipulated length field, which causes the affected implementation to enter an infinite loop. This infinite loop condition can lead to a denial of service (DoS) by exhausting CPU resources, effectively making the affected service unresponsive. The vulnerability does not require authentication or user interaction, as it can be triggered remotely by sending a malicious packet to the service. The affected component is a demo TCP implementation used in freemodbus, an open-source Modbus protocol stack commonly used in industrial control systems (ICS) and embedded devices for communication over serial and TCP/IP networks. The lack of a CVSS score and absence of known exploits in the wild suggest this is a newly published vulnerability with limited public exploitation information. However, the infinite loop induced by malformed packets represents a significant reliability and availability risk for systems relying on this implementation. No patches or mitigation links are currently provided, indicating that users must rely on workarounds or updates from the maintainers once available.

Detailed information about CVE-2025-51986: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51986: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51986: n/a

Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Detailed information about CVE-2025-21110: CWE-250: Execution with Unnecessary Privileges in Dell Data Lakehouse affecting Dell Data Lakehouse. Get real-time up

CVE-2025-21110: CWE-250: Execution with Unnecessary Privileges in Dell Data Lakehouse

CVE-2025-21110: CWE-250: Execution with Unnecessary Privileges in Dell Data Lakehouse

Description

Technical Details

Related Threats

CVE-2025-8974: Hard-coded Credentials in linlinjava litemall

CVE-2025-8973: SQL Injection in SourceCodester Cashier Queuing System

CVE-2025-8972: SQL Injection in itsourcecode Online Tour and Travel Management System

CVE-2025-51986: n/a

CVE-2025-52335: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility