3230 matches found
CVE-2025-8924
The CVE-2025-8924 issue affects Campcodes Online Water Billing System 1.0, specifically the /viewbill.php file where manipulating the ID parameter enables SQL injection. Affected component is the viewbill.php processing logic; root cause is improper handling of the ID argument, allowing remote ex...
CVE-2025-8918
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educarinstituicaocad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated...
CVE-2025-8908
A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...
Windows Security App Spoofing Vulnerability
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...
CVE-2025-8806
A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...
WordPress NinjaScanner plugin file path validation deficiency vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
CVE-2025-8763
CVE-2025-8763 concerns Ruijie EG306MG 3.0(1)B11P309 where the strongSwan component processes the /etc/strongswan.conf file. The root cause is manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk, leading to missing encryption of sensitive data. The vulnerability can...
CVE-2025-29866
External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows Parameter Injection. This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035...
CVE-2023-41526
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters...
Linux Distros Unpatched Vulnerability : CVE-2017-18241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflushmerge...
CVE-2012-10036 Project Pier <= 0.8.8 Arbitrary File Upload RCE
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go, which stems from filepath.Walk and filepath.WalkDir being vulnerable to a TOCTOU race condition attack...
Directory Traversal
Overview: ipx is a high-performance, secure and easy-to-use image optimizer. Affected versions of this package are vulnerable to Directory Traversal via the ipxFSStorage function in the storage/node-fs.ts file, which checks whether a path is within allowed directories. An attacker can access files...
SSCMS security vulnerability
SSCMS SiteServerCMS is a content management system from China's Bailong Qianwei SSCMS company. A security vulnerability exists in SSCMS SiteServerCMS v7.3.1, which originates from a directory traversal vulnerability in the component /stl/actions/download?filePath...
Portábilis i-Educar security vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10, which stems from improper handling of the parameter nome in the file /intranet/publicmunicipiocad.php, which could...
The vulnerability of the entry_delete UploadFiles() function in the Forminator plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the entrydelete UploadFiles function in the Forminator plugin of the WordPress content management system is related to improper external manipulation of file names or file paths. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2025-8500
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely...
CVE-2025-7694
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...
WordPress plugin NinjaScanner security vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
i-Educar code injection vulnerability
i-Educar is free, open-source educational software by Portábilis. A code injection vulnerability exists in i-Educar version 2.9, which originates from a cross-site scripting attack due to improper handling of the parameter nome/matriculaservidor in the file /intranet/educarservidorlst.php...