PT-2025-45582
Name of the Vulnerable Software and Affected Versions: qianfox FoxCMS versions up to 1.2.16. Description: A cross-site scripting issue exists in the add/edit function of the app/admin/controller/Product.php file. Manipulation of the Title argument can trigger this issue. The attack can be initiated...
CVE-2025-12861
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags causes SQL injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
CVE-2025-53880
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
EUVD-2025-38271
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags causes SQL injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-12861 DedeBIZ spec_add.php sql injection
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags causes SQL injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-12861
CVE-2025-12861 affects DedeBIZ up to version 6.3.2. The vulnerability resides in /admin/spec_add.php, where manipulation of the flags[] parameter enables SQL injection. Exploitation is remote and public. Remediation: update to a fixed version (6.3.2+ or later) or apply vendor-provided mitigations.
PT-2025-45465
Name of the Vulnerable Software and Affected Versions: DedeBIZ versions up to 6.3.2. Description: A flaw exists in DedeBIZ that allows for remote SQL injection. This issue is related to the manipulation of the flags argument within the /admin/spec_add.php file. The exploit for this issue has been...
CVE-2025-34236 Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
PT-2025-45372
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/VPN versions prior to 1.1.5. Description: The software contains a SQL injection issue in the NetworksController.addNetworkAction function. An authenticated, low-privileged user can inject SQL code through datatable search...
Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989519)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989519 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host in pm8001_alloc. Calling scsi_remove_host before scsi_add_host...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989622)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989622 advisory. In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add. In line 800 1, nfp_cpp_area_alloc allocates and...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989475)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989475 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Free irq vectors in order for v3 HW. If the driver probe fails to request the chann...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990305)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990305 advisory. In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add". This reverts commit...