3230 matches found

RedhatCVE
added 2026/01/07 9:49 a.m., 7 views

CVE-2022-27870

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code...

CVSS 7.8, AI score 7.7, EPSS 0.0071
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:48 a.m., 8 views

CVE-2022-27869

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code...

CVSS 7.8, AI score 7.4, EPSS 0.0071
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:17 a.m., 6 views

CVE-2025-1075

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...

CVSS 7.5, AI score 6.8, EPSS 0.00286
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:16 a.m., 7 views

CVE-2022-27599

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already...

CVSS 6.7, AI score 6.3, EPSS 0.00169
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:15 a.m., 6 views

CVE-2024-2522

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument roomid leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 9.8, AI score 9.8, EPSS 0.00489
Exploits: 0, References: 1

Positive Technologies
added 2026/01/06 12:0 a.m., 2 views

PT-2026-1519

Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer SFX on Windows, Altera Quartus Prime Lite Installer SFX on Windows allows Explore for Predictable Temporary File Names. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1...

CVSS 6.7, AI score 7, EPSS 0.0009
Exploits: 0, References: 2

OSV
added 2026/01/05 11:15 p.m., 4 views

AZL-73526 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVSS 6.3, AI score 7, EPSS 0.00313
Exploits: 0, References: 1

EUVD
added 2026/01/04 9:2 a.m., 5 views

EUVD-2026-0781

A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing manipulation of the argument cat/price/name/model/serial results in sql injection. It ...

CVSS 7.5, AI score 7.3, EPSS 0.00374
Exploits: 1, References: 8

CNNVD
added 2026/01/04 12:0 a.m., 3 views

Code-Projects Online Product Reservation System code issue vulnerability

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A code issue vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from a functionality flaw in the file /handgunner-administrator/prod.php,...

CVSS 9.8, AI score 6.5, EPSS 0.00309
Exploits: 1, References: 6

Positive Technologies
added 2026/01/04 12:0 a.m., 5 views

PT-2026-1190

Name of the Vulnerable Software and Affected Versions: code-projects Online Product Reservation System version 1.0. Description: A flaw exists in an unknown functionality within the /handgunner-administrator/delete.php file. Manipulation of the ID parameter results in a SQL injection condition. This...

CVSS 7.5, AI score 7.3, EPSS 0.00466
Exploits: 1, References: 12

CVE
added 2026/01/02 9:2 a.m., 23 views

CVE-2026-0546

Code-projects Content Management System 1.0 contains a SQL injection in search.php via manipulation of the Value parameter. This vulnerability can be exploited remotely and has publicly disclosed exploit information. Multiple connected sources (PT-2026-1061, Red Hat/CVE feed, NVD/CVE entry, CNNVD...

CVSS 9.8, AI score 7.2, EPSS 0.00406
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2026/01/01 6:32 p.m., 28 views

CVE-2025-15409 code-projects Online Guitar Store Delete_product.php sql injection

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

CVSS 7.5, EPSS 0.0038
Exploits: 1, References: 5

Cvelist
added 2025/12/30 10:41 p.m., 23 views

CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

CVSS 9.8, EPSS 0.00815
Exploits: 2, References: 5

RedhatCVE
added 2025/12/29 9:5 a.m., 6 views

CVE-2025-15127

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

CVSS 7.5, AI score 6.8, EPSS 0.00407
Exploits: 1, References: 1

RedhatCVE
added 2025/12/29 5:54 a.m., 13 views

CVE-2025-15105

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key. Remote exploitation of the attack...

CVSS 6.3, AI score 6.3, EPSS 0.00458
Exploits: 1, References: 1

Positive Technologies
added 2025/12/29 12:0 a.m., 4 views

PT-2025-53756

Name of the Vulnerable Software and Affected Versions: code-projects Assessment Management version 1.0. Description: A flaw exists in code-projects Assessment Management 1.0, specifically within the file login.php. Manipulation of the userid argument can lead to SQL injection. This issue is remotely...

CVSS 7.5, AI score 6.9, EPSS 0.00393
Exploits: 1, References: 9

CNVD
added 2025/12/25 12:0 a.m., 2 views

RiteCMS File Containment Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...

CVSS 7.5, AI score 5.9, EPSS 0.01098
Exploits: 1, References: 1

OSV
added 2025/12/23 10:15 p.m., 2 views

CVE-2025-14414

Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 6.3, EPSS 0.00177
Exploits: 0, References: 1

Vulnrichment
added 2025/12/23 9:24 p.m., 2 views

CVE-2025-14412 Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability

Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.3, EPSS 0.00165
Exploits: 0, References: 1

CNNVD
added 2025/12/23 12:0 a.m., 3 views

itsourcecode Student Management System SQL injection vulnerability

itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which stems from incorrect manipulation of the parameter ID in the file /record.php, which could lea...

CVSS 9.8, AI score 7.7, EPSS 0.00333
Exploits: 1, References: 6