3234 matches found

Cvelist
added 2025/09/13 1:2 a.m. | 7 views

CVE-2025-10331 cdevroe unmark Marks.php cross site scripting

A vulnerability has been found in cdevroe unmark up to 1.9.3. This issue affects some unknown processing of the file /application/controllers/Marks.php. Such manipulation of the argument Title leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to th...

CVSS 5.1 | EPSS 0.00262
Exploits: 1 | References: 4

CVE
added 2025/09/12 9:2 p.m. | 27 views

CVE-2025-10327

CVE-2025-10327 affects MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The vulnerability is an OS command injection in the shuffle.php endpoint located at /htdocs/api/playlist/shuffle.php, triggered by manipulating the playlist argument. It is exploitable remotely and public proofs of concept exis...

CVSS 9.8 | AI score 6.4 | EPSS 0.10158
Exploits: 3 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/09/10 12:0 a.m. | 8 views

PT-2025-37059

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager versions 19.19 and 19.20 Description: Dell PowerProtect Data Manager, Hyper-V, versions 19.19 and 19.20 contain a vulnerability that allows the insertion of sensitive information into log files. A low-privileged...

CVSS 8.8 | AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 5

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-24148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak issue discovered in parseSWFFREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. CVE-2024-24148...

CVSS 7.5 | AI score 7.2 | EPSS 0.00645
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-0589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media...

CVSS 9.3 | AI score 8.4 | EPSS 0.01338
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/08 12:0 a.m. | 4 views

PT-2025-36425

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System version 1.0 Description: A security issue exists in SourceCodester Online Polling System 1.0. Manipulation of the email argument in the /registeracc.php file may lead to SQL injection. The attack can be...

CVSS 9.8 | AI score 7.3 | EPSS 0.00379
Exploits: 1 | References: 11

CVE
added 2025/09/04 3:52 p.m. | 16 views

CVE-2025-23261

NVIDIA Cumulus Linux and NVOS contain a log information disclosure vulnerability where hashed user passwords are not properly suppressed in log files, potentially exposing them to unauthorized users. Root cause: sensitive password hashes are logged instead of being hidden. Impact: information dis...

CVSS 5.5 | AI score 6.2 | EPSS 0.00152
Exploits: 0 | References: 3

RedHat Linux
added 2025/09/04 2:47 p.m. | 6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00868
Exploits: 0 | References: 3

CNVD
added 2025/09/04 12:0 a.m. | 2 views

Apartment Management System /admin.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...

CVSS 9.8 | AI score 8.3 | EPSS 0.00384
Exploits: 1 | References: 1

OSV
added 2025/09/01 2:15 a.m. | 3 views

CVE-2025-9755

A vulnerability has been found in Khanakag-17 Library Management System up to 60ed174506094dcd166e34904a54288e5d10ff24. This affects an unknown function of the file /index.php. The manipulation of the argument msg leads to cross site scripting. Remote exploitation of the attack is possible. The...

CVSS 6.1 | AI score 4 | EPSS 0.00359
Exploits: 1 | References: 4

CNNVD
added 2025/09/01 12:0 a.m. | 4 views

itsourcecode Sports Management System Security Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/facilitator.php. An attacker can exploit this vulnerabili...

CVSS 9.8 | AI score 7.9 | EPSS 0.0055
Exploits: 1 | References: 7

CNVD
added 2025/09/01 12:0 a.m. | 3 views

Sports Management System /login.php File SQL Injection Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file that does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits: 1 | References: 1

Vulnrichment
added 2025/08/31 8:2 a.m. | 2 views

CVE-2025-9722 Portabilis i-Educar educar_tipo_ocorrencia_disciplinar_cad.php cross site scripting

A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotel...

CVSS 5.1 | AI score 5.3 | EPSS 0.00217
Exploits: 0 | References: 5

CVE
added 2025/08/31 8:2 a.m. | 13 views

CVE-2025-9722

Portabilis i-Educar (up to 2.10) is affected. The vulnerability is a cross-site scripting in the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php, caused by improper handling of the nm_tipo/descricao (or nm_tipo_descricao) argument. It can be exploited remotely; public exploits exist. Co...

CVSS 5.4 | AI score 3.8 | EPSS 0.00217
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2025/08/31 12:0 a.m. | 3 views

Code-Projects Human Resource Integrated System Security Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter empid in the file /logintimeee.php. An attacker can...

CVSS 9.8 | AI score 8.1 | EPSS 0.00435
Exploits: 1 | References: 7

RedhatCVE
added 2025/08/30 6:20 p.m. | 5 views

CVE-2025-51968

A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions...

CVSS 6.5 | AI score 8.1 | EPSS 0.00227
Exploits: 1 | References: 1

OSV
added 2025/08/30 2:15 p.m. | 2 views

CVE-2025-9691

A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | AI score 5.8 | EPSS 0.00379
Exploits: 1 | References: 6

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-18232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in function H5Sclose in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file...

CVSS 8.8 | AI score 7.4 | EPSS 0.00882
Exploits: 1 | References: 3

RedHat Linux
added 2025/08/28 10:24 a.m. | 1 views

postgresql: PostgreSQL executes arbitrary code in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pg_dump, pg_dumpall, pg_restore, and pg_upgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are...

CVSS 8.8 | AI score 7.9 | EPSS 0.00385
Exploits: 0 | References: 5

CNVD
added 2025/08/28 12:0 a.m. | 3 views

Apartment Management System add_bill.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the mishandling of the ID parameter in the file /bill/add_bill.php that can be exploited by an attacker to execute illegal SQL commands to stea...

CVSS 9.8 | AI score 8.3 | EPSS 0.00483
Exploits: 1 | References: 1