A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-7758: Buffer Overflow in TOTOLINK T6 affecting TOTOLINK T6. Get real-time updates, technical details, and mitigation strateg

CVE-2025-7758: Buffer Overflow in TOTOLINK T6 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7758: Buffer Overflow in TOTOLINK T6

A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7756 is a Cross-Site Request Forgery (CSRF) vulnerability identified in version 1.0 of the code-projects E-Commerce Site. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged request to a web application, potentially causing unintended actions on behalf of the user without their consent. In this case, the vulnerability affects an unspecified function within the e-commerce platform, enabling remote attackers to exploit the flaw without requiring any privileges or authentication. The CVSS 4.0 base score of 5.3 (medium severity) reflects that the attack vector is network-based (AV:N), requires no privileges (PR:N), and no user authentication (AT:N), but does require user interaction (UI:P), such as the victim clicking a malicious link or visiting a crafted webpage. The impact on confidentiality is none, but there is a low impact on integrity and availability, indicating that the attacker could cause limited unauthorized changes or disruptions. The vulnerability has been publicly disclosed, but no known exploits are currently reported in the wild. Since the affected function is unspecified, the exact scope of potential malicious actions is unclear, but typical CSRF attacks on e-commerce sites could include unauthorized transactions, changes to user account settings, or manipulation of shopping carts. The lack of patch links suggests that a fix may not yet be available, increasing the urgency for mitigation.

Detailed information about CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site affecting code-projects E-Commerce Site. Get real-time upd

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site

A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7755 is a vulnerability identified in version 1.0 of the code-projects Online Ordering System. The flaw resides in the /admin/edit_product.php endpoint, specifically in the handling of the 'image' parameter. This vulnerability allows an attacker to perform an unrestricted file upload, meaning that the system does not properly validate or restrict the types or contents of files uploaded through this interface. Because the upload functionality is accessible remotely and does not require user interaction or authentication beyond low privileges, an attacker can exploit this flaw to upload malicious files such as web shells or scripts. These files could then be executed on the server, potentially leading to remote code execution, data compromise, or further system compromise. The CVSS 4.0 score of 5.3 (medium severity) reflects that while the attack vector is network-based and requires low privileges, the impact on confidentiality, integrity, and availability is limited to low levels individually, but combined could be significant. The vulnerability has been publicly disclosed, but no known exploits are currently reported in the wild. However, the presence of public disclosure increases the risk of exploitation attempts. The lack of patches or mitigation details from the vendor increases the urgency for organizations to implement compensating controls.

Detailed information about CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System affecting code-projects Online Ordering System. Get real-t

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.

CVE-2025-50240 is a SQL injection vulnerability identified in nbcio-boot version 1.0.3. The vulnerability exists in the /sys/user/deleteRecycleBin endpoint, specifically via the userIds parameter. SQL injection vulnerabilities occur when untrusted input is improperly sanitized and directly incorporated into SQL queries, allowing an attacker to manipulate the database query. In this case, an attacker could craft malicious input for the userIds parameter to execute arbitrary SQL commands against the backend database. This could lead to unauthorized data access, data modification, or deletion, and potentially allow privilege escalation or further compromise of the application and underlying systems. The vulnerability does not have a CVSS score assigned yet, and no known exploits in the wild have been reported as of the published date. The lack of patch links suggests that a fix may not yet be publicly available. The vulnerability affects nbcio-boot v1.0.3, but no other version information is provided. The endpoint involved, /sys/user/deleteRecycleBin, implies that the function is related to user account management, specifically the deletion of recycled or soft-deleted user records, which could be a sensitive operation with elevated privileges. Exploitation would likely not require authentication if the endpoint is exposed without proper access controls, but this is not explicitly stated. Given the nature of SQL injection, the attack could be automated and remotely executed, increasing the risk of exploitation if the system is internet-facing or accessible by untrusted users.

Detailed information about CVE-2025-50240: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50240: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50240: n/a

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7757: SQL Injection in PHPGurukul Land Record System affecting PHPGurukul Land Record System. Get real-time updates, technic

CVE-2025-7757: SQL Injection in PHPGurukul Land Record System

CVE-2025-7757: SQL Injection in PHPGurukul Land Record System

Description

Technical Details

Related Threats

CVE-2025-7758: Buffer Overflow in TOTOLINK T6

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

CVE-2025-50240: n/a

CVE-2025-23269: CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution in NVIDIA Jetson Orin and Xavier Devices

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility