568 matches found
CVE-2024-56998
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross-Site Scripting (XSS) in /edit-profile.php via the address parameter. AFFECTED: HMS 4.0; root cause: lack of input sanitization in edit-profile.php. Impacts described in multiple sources include the ability to inject and execute arbi...
PT-2025-2558 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the set qos functionality of internet.cgi. A specially crafted HTTP request can lead to a stack-based buffer overflow. An attacker can ma...
WordPress Formaloo Form Maker plugin <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Formaloo Form Maker versions <= 2.1.3.2...
CVE-2025-22387
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking...
PHPGurukul Blood Bank & Donor Management security vulnerability
PHPGurukul Blood Bank & Donor Management is a blood bank and donor management system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Blood Bank & Donor Management version 2.4, which originates from a cross-site scripting vulnerability contained in the Address parameter of the...
PT-2024-17845 · Unknown · Phpgurukul Blood Bank & Donor Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Blood Bank & Donor Management System version 2.4 Description: A problem has been found in the system, affecting some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the Address argument...
Hanwha Vision NVR security vulnerability
Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision NVR that originates from a NULL pointer dereference due to a special URL parameter value, allowing remote code execution and causing the NVR t...
The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to bypassing authentication using a user-controlled key, allows attackers to influence the integrity and confidentiality of protected information.
The vulnerability of the platform for monitoring, managing, and improving LLM applications involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to influence the integrity and confidentiality of protected information by manipulating the...
WordPress plugin ForumWP cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CodeAstro Hospital Management System security vulnerability
CodeAstro Hospital Management System is a hospital management system from CodeAstro, Inc. A security vulnerability exists in CodeAstro Hospital Management System version 1.0 that stems from incorrect manipulation of the parameters vname, vadr, vnumber, vemail, vphone, and vdesc can lead to...
The vulnerability in the wireless.cgi script of NETGEAR R7000P router software allows a hacker to induce a service failure.
The vulnerability in the wireless.cgi script of NETGEAR R7000P router software is related to a buffer overflow when processing the RADIUSAddr%dwla parameter. Exploiting this vulnerability allows a malicious actor to trigger a Denial-of-Service attack by sending a specially crafted POST request...
The vulnerability of the SetNetworkTomographySettings() function in D-Link DIR-823G router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the SetNetworkTomographySettings function in D-Link DIR-823G router firmware is related to a failure to neutralize special elements used in an operating system command when processing the Address parameter. Exploiting this vulnerability allows a...
D-Link DIR-820L Code Execution Vulnerability
The D-Link DIR-820L is a dual-band wireless router from China's AUO D-Link. The D-Link DIR-820L suffers from a code execution vulnerability that stems from the pingaddr parameter in the pingv4 and pingv6 functions failing to properly filter the special elements of the constructed code segment. An...
CVE-2024-51186
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the pingaddr parameter in the pingv4 and pingv6 functions...
D-Link DIR-820L security vulnerability
The D-Link DIR-820L is a dual-band wireless router from China's AUO D-Link. The D-Link DIR-820L suffers from a code execution vulnerability that stems from the pingaddr parameter in the pingv4 and pingv6 functions failing to properly filter the special elements of the constructed code segment. An...
CVE-2024-51023
D-Link DIR823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...
CVE-2024-51023
CVE-2024-51023 affects D-Link DIR-823G (firmware around 1.0.2B05). A command injection exists in SetNetworkTomographySettings via the Address parameter, allowing an attacker to execute arbitrary OS commands through a crafted request. Public documents confirm the vulnerability details but do not p...
PT-2024-8244 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR 823G version 1.0.2B05 Description: The issue is related to a command injection vulnerability in the SetNetworkTomographySettings function, specifically via the Address parameter. This allows attackers to execute arbitrary OS comman...