11462 matches found
PT-2025-46970
Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record System version 3.2.0 Description The software contains a SQL Injection flaw through the course-short, course-full, and cdate parameters in the 'add-course.php' file. This allows for potential unauthorized database...
CVE-2024-44639
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the add-subject.php parameters sub1, sub2, sub3, sub4, and course-short. The underlying issue is unsanitized/externally supplied SQL statements in those parameters, enabling an attacker to manipulate queries and access or mo...
CVE-2024-44640
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php...
PT-2025-46963
Name of the Vulnerable Software and Affected Versions Simple Online Hotel Reservation System version 1.0 Description A security issue exists in Simple Online Hotel Reservation System version 1.0. The issue involves SQL injection within the /add query reserve.php file. Manipulation of the room id...
Code-Projects Simple Online Hotel Reservation System 安全漏洞
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that stems from the /addqueryreserve.php file failing to effectively filter the roomid parameter. No details of the vulnerability a...
CVE-2024-44640
CVE-2024-44640 affects PHPGurukul Student Record System 3.20. The vulnerability is a SQL Injection in add-course.php, exploitable via three parameters: course-short, course-full, and cdate. The underlying issue is lack of input validation/sanitization for externally supplied SQL statements in tho...
WordPress Plugin Add Multiple Marker Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Add Multiple Marker, which stems from a...
PT-2026-1239
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the s390/fpu component related to false-positive Kernel Memory Sanitizer KMSAN reports within the fpu vstl function. This occurs because the 'vstl'...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to properly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...
Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...
CVE-2025-11777
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...
CVE-2025-11777 Cross-team channel membership access
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...
CVE-2025-11777
Affected products/versions: Mattermost Server 10.5.x (<= 10.5.11) and 10.11.x (
CVE-2025-40145
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...
CVE-2025-60645
A Cross-Site Request Forgery CSRF in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request...
PT-2025-46871
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.0 through 10.5.11 Mattermost versions 10.11.0 through 10.11.3 Description The software does not properly validate team membership permissions in the Add Channel Member API. This allows users from one team to access use...
CVE-2025-60645
A Cross-Site Request Forgery CSRF in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request...
EUVD-2025-124951
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent jump to NULL addsidecar callback In createsdwdailink check that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if includesidecar is true, the codec on that...
CVE-2025-40132
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent jump to NULL addsidecar callback In createsdwdailink check that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if includesidecar is true, the codec on that...
UBUNTU-CVE-2025-40145
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...