25 matches found
CVE-2025-6910
CVE-2025-6910 affects PHPGurukul Student Record System v3.2, with a SQL injection in the /session.php file exposed via manipulation of the session parameter. The vulnerability is exploitable remotely and is corroborated by multiple sources in connected documents, which consistently describe an un...
CVE-2025-6910 PHPGurukul Student Record System session.php sql injection
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been classified as critical. This affects an unknown part of the file /session.php. The manipulation of the argument session leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-6910
The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-6910
creationtimestamp | type | source
---|---|---
2024-09-09 08:57:42+00:00 | seen | https://t.me/cvedetector/5098...
CVE-2024-6910 EventON < 2.2.17 - Admin+ Stored XSS
The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-6910
CVE-2024-6910 affects the EventON WordPress plugin for versions prior to 2.2.17. Public sources confirm that the plugin does not sanitize/escape certain settings, enabling a high-privilege user (e.g., an Administrator) to perform stored Cross-Site Scripting attacks, even when unfiltered_html is d...
Ubuntu: Security Advisory (USN-6910-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache ActiveMQ vulnerabilities (USN-6910-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6910-1 advisory. Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly...
CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...
CVE-2023-6910
CVE-2023-6910 (M-Files Server): Affected software (M-Files Server) with vulnerable API method prior to 23.12.13195.0 permits uncontrolled resource consumption, allowing an authenticated attacker to exhaust server storage and disrupt service. Connected PT-2023-32818 provides explicit affected ver...
CVE-2020-6910
...
CVE-2020-6910
CVE-2020-6910 entry is rejected/not used; the candidate was not associated with any vulnerability in 2020.
CVE-2017-6910
The CVE-2017-6910 entry concerns Kaazing Gateway and related editions (Gateway JMS Edition, Community/Enterprise Editions) where the HTTP and WebSocket engine components allow remote attackers to bypass access restrictions and obtain sensitive information via HTTP request handling vectors. Affect...
CVE-2018-6910
DedeCMS 5.7 is affected by CVE-2018-6910, a path-disclosure vulnerability that allows remote attackers to discover the full server path by requesting include/downmix.inc.php or inc/inc_archives_functions.php. The issue enables information disclosure that can aid further attacks. The Nuclei templa...
CVE-2016-6910
The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app giv...
CVE-2016-6910
The CVE-2016-6910 entry describes a local notification-listener disclosure affecting Samsung Galaxy S6 Edge devices running Android 5.0.2 initially. The vulnerability arises from a non-existent notification listener that, via a vulnerable system app, can allow a non-existent app (package name com...
CVE-2015-6910
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi...
CVE-2015-6910
The CVE-2015-6910 entry concerns a SQL injection in Synology Video Station prior to version 1.5-0757. The vulnerability exists in the audiotrack.cgi endpoint, where the id parameter can be manipulated to execute arbitrary SQL commands. Affected product: Synology Video Station (Video Manager) befo...
CVE-2014-6910
The MemorizeIt! Android app (package com.kshinenterprises.kshinent.memorizeit) version 1.7.2 does not verify X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Root cause: failure to verify TLS cer...