90 matches found
CVE-2025-8752
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
CVE-2025-8752 wangzhixuan spring-shiro-training add command injection
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
CVE-2025-3254
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has bee...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS through the /api/v1/models/add endpoint. An attacker can execute arbitrary scripts that affect other users, including administrators, by injecting malicious scripts into the model...
PT-2025-3896 · Opencart · Blog Botz For Journal Theme
Name of the Vulnerable Software and Affected Versions: Blog Botz for Journal Theme version 1.0 on OpenCart Description: A critical vulnerability was found in Blog Botz for Journal Theme on OpenCart, affecting an unknown part of the file /index.php?route=extension/module/blog add. The manipulation...
DataX-Web 安全漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. A security vulnerability exists in DataX-Web version 2.1.1, which stems from an operating system command injection vulnerability in the glueSource parameter of the /api/job/add/ file...
PT-2024-39616
Name of the Vulnerable Software and Affected Versions OFCMS version 1.1.2 Description A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...
CVE-2024-8562
A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. The attack may be launched...
PHP CRUD 跨站脚本漏洞
PHP CRUD is a PHP-based implementation of add, delete, change and retrieve. A cross-site scripting vulnerability exists in PHP CRUD version 1.0, which stems from a cross-site scripting vulnerability contained in the firstname/middlename/lastname parameters of the /endpoint/Add.php file...
PT-2024-39099 · Unknown · Sourcecodester Php Crud
Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0 Description: A security issue was discovered in the file /endpoint/Add.php, where the manipulation of the arguments first name, middle name, and last name leads to cross-site scripting. The attack can be...
PT-2024-30075 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/layout/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, as a temporary...
PT-2024-30083 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/page/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, consider disabling acces...
PT-2024-29006 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/interfaces/add/". Recommendations: For netbox versio...
PT-2024-29021 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at the "/circuits/circuits/add" API endpoint...
PT-2024-29015 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at the "/dcim/console-ports/add" API endpoint. Recommendations...
PT-2024-37374 · Bethesda · Bethesda Online Reservation System
Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical issue has been found in the Bethesda Online Reservation System, affecting the uploadImage function of the file /admin/mod room/controller.php?action=add. The manipulation ...
PT-2024-23102 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: A Cross-Site Scripting XSS issue exists in Sentrifugo, specifically through the /sentrifugo/index.php/sitepreference/add endpoint, where the description parameter is vulnerable. This could allow a remote us...
Uncontrolled Resource Consumption
Mattermost is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to Mattermost's failure to handle a null request body in the /add endpoint, which allows a simple member to send a request with a null request body to that endpoint, causing it to crash. After a few repetition...
PT-2024-20260 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sysContent/add" API endpoint. This allows for potential malicious script injection. No information is provided about the estimated number o...
PT-2023-32921 · Unknown · Campcodes Online College Library System
Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/borrow add.php of the component HTTP POST Request Handler. The manipulation of the student argument leads ...