Lucene search

11460 matches found

CNNVD
added 2025/12/02 12:0 a.m. | 4 views

SourceCodester Web-based Pharmacy Product Management System security vulnerability

SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source web-based pharmacy product management system. A security vulnerability exists in Sourcecodester Web-based Pharmacy Product Management System v1.0, which originates from a cross-site scripting attack on the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00185
Exploits 1 | References 3

Cvelist
added 2025/12/02 12:0 a.m. | 9 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

EPSS 0.00185
Exploits 1 | References 2

CVE
added 2025/12/02 12:0 a.m. | 10 views

CVE-2025-64070

CVE-2025-64070 affects Sourcecodester Student Grades Management System v1.0. It describes a Cross Site Scripting (XSS) vulnerability in the Add New Subject Description field. The CVSSv3.1 base score is 5.4 (MEDIUM) with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Exploitation details in public re...

CVSS 5.4 | AI score 5.8 | EPSS 0.00165
Exploits 1 | References 2 | Affected Software 1

Positive Technologies
added 2025/12/02 12:0 a.m. | 3 views

PT-2025-48737

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /product expiry/add-supplier.php via the Supplier Name field...

CVSS 6.1 | AI score 6.2 | EPSS 0.00185
Exploits 1 | References 3

CVE
added 2025/12/02 12:0 a.m. | 9 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Supplier Name field of /product_expiry/add-supplier.php. The issue is documented across multiple feeds (NVD, Red Hat, ENISA, CNNVD, CVE lists) with consistent description. Root caus...

CVSS 6.1 | AI score 5.8 | EPSS 0.00185
Exploits 1 | References 2 | Affected Software 1

NVD
added 2025/12/01 1:16 a.m. | 10 views

CVE-2025-13798

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVSS 9.8 | EPSS 0.06341
Exploits 1 | References 5

Cvelist
added 2025/12/01 12:32 a.m. | 28 views

CVE-2025-13798 ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVSS 6.5 | EPSS 0.06341
Exploits 1 | References 4

Vulnrichment
added 2025/12/01 12:32 a.m. | 3 views

CVE-2025-13798 ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVSS 6.5 | AI score 6.2 | EPSS 0.06341
Exploits 1 | References 4

CVE
added 2025/12/01 12:32 a.m. | 15 views

CVE-2025-13798

The CVE-2025-13798 issue affects ADSLR NBR1005GPEV2 (version 250814-r037c). It concerns the function ap_macfilter_add in /send_order.cgi, where manipulating the mac argument can trigger a command injection. The vulnerability can be exploited remotely and, according to the sources, an exploit has ...

CVSS 9.8 | AI score 6.2 | EPSS 0.06341
Exploits 1 | References 5 | Affected Software 1

RedhatCVE
added 2025/11/27 1:54 p.m. | 5 views

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVSS 6.1 | AI score 5.7 | EPSS 0.00161
Exploits 0 | References 1

NVD
added 2025/11/26 6:15 p.m. | 5 views

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVSS 2.7 | EPSS 0.00196
Exploits 0 | References 1

CVE
added 2025/11/26 5:59 p.m. | 10 views

CVE-2025-20373

CVE-2025-20373 affects the Splunk Add-on for Palo Alto Networks (versions below 2.0.2). The issue is that client secrets are exposed in plaintext in the _internal index during the addition of new “Data Security Accounts.” Exploitation would require local access to log files or administrative acce...

CVSS 2.7 | AI score 6.2 | EPSS 0.00196
Exploits 0 | References 1

Vulnrichment
added 2025/11/26 5:59 p.m. | 3 views

CVE-2025-20373 Sensitive Information Disclosure in “_internal” index through Splunk Add-On for Palo Alto Networks

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVSS 2.7 | AI score 6.2 | EPSS 0.00196
Exploits 0 | References 1

Cvelist
added 2025/11/26 5:59 p.m. | 9 views

CVE-2025-20373 Sensitive Information Disclosure in “_internal” index through Splunk Add-On for Palo Alto Networks

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVSS 2.7 | EPSS 0.00196
Exploits 0 | References 1

RedhatCVE
added 2025/11/26 4:56 p.m. | 6 views

CVE-2025-13573

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /addbook.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released t...

CVSS 8.8 | AI score 7 | EPSS 0.00304
Exploits 1 | References 1

RedhatCVE
added 2025/11/26 12:42 a.m. | 7 views

CVE-2025-51746

An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

CVSS 9.8 | AI score 7.1 | EPSS 0.00407
Exploits 0 | References 1

Positive Technologies
added 2025/11/26 12:0 a.m. | 3 views

PT-2025-48163

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVSS 2.7 | AI score 6.6 | EPSS 0.00196
Exploits 0 | References 2

CNNVD
added 2025/11/26 12:0 a.m. | 3 views

Splunk Add-on for Palo Alto Networks log information disclosure vulnerability

Splunk Add-on for Palo Alto Networks is an add-on from Splunk, Inc. A log message disclosure vulnerability exists in Splunk Add-on for Palo Alto Networks versions prior to 2.0.2, which stems from exposing client keys in plaintext...

CVSS 2.7 | AI score 6.5 | EPSS 0.00196
Exploits 0 | References 1

VulnCheck KEV
added 2025/11/26 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2024-10915

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...

CVSS 9.8 | AI score 6.4 | EPSS 0.79135
In wild | Exploits 2 | References 4

EUVD
added 2025/11/25 9:32 p.m. | 4 views

EUVD-2025-199651

An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...

AI score 6.5 | EPSS 0.00407
Exploits 0 | References 5