41 matches found
CVE-2026-7741
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-04 11:01:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkzjglb4cv2i... |
CVE-2026-7741 CodeAstro Online Classroom studentlogin sql injection
A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in SQL injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...
CVE-2025-7741
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-30 02:00:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miakvpiie727 |
| 2026-04-02 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-092-02... |
CVE-2024-7741
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2018-7741
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI...
Linux Distros Unpatched Vulnerability : CVE-2017-7741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libsndfile before 1.0.28, an error in the flac_buffer_copy() function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a...
CVE-2024-7741
| creationtimestamp | type | source |
|---|---|---|
| 2024-08-13 22:59:08+00:00 | seen | https://t.me/cvedetector/3078... |
CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2020-7741
| creationtimestamp | type | source |
|---|---|---|
| 2022-08-30 00:49:52+00:00 | seen | https://t.me/VulnerabilityNews/29705... |
Authorization
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload...
Mageia: Security Advisory (MGASA-2017-0168)
The remote host is missing an update for the...
Advisory ROSA-SA-2021-1890
Software: libsndfile 1.0.25 OS: Cobalt 7.9 CVE-ID: CVE-2014-9756 CVE-Crit: CRITICAL CVE-DESC: The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (division-by-zero error and application crash) via undefined vectors associated with the headindex variable...
SUSE: Security Advisory (SUSE-SU-2017:1367-1)
The remote host is missing an update for the...
kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)
hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: OSV:GHSA-7JH9-6CPF-H4M7...
CVE-2020-7741
This affects the package hellojs before 1.18.6. The code gets the param oauth_redirect from the URL and passes it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the URL param oauth_redirect, such as javascript:alert(1)...
CVE-2020-7741
CVE-2020-7741 affects the package hellojs (hello.js) before version 1.18.6. The vulnerability arises because the code reads the url parameter oauth_redirect and assigns it to location.assign without validation or sanitisation, allowing an attacker to inject an XSS payload (e.g., javascript:alert(...
CVE-2020-7741 Cross-site Scripting (XSS)
This affects the package hellojs before 1.18.6. The code gets the param oauth_redirect from the URL and passes it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the URL param oauth_redirect, such as javascript:alert(1)...
kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)
hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: SNYK:JS-HELLOJS-1014546...
Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2616)
The remote host is missing an update for the Huawei EulerOS...