Lucene search

35 matches found

CNNVD
added 2026/06/01 12:0 a.m., 6 views

itsourcecode Content Management System SQL injection vulnerability

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the topicid parameter in the file...

CVSS 6.5, AI score 6.6, EPSS 0.00204
Exploits 0, References 6
CNNVD
added 2026/06/01 12:0 a.m., 6 views

AstrBot security vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.24.2 of AstrBot contains a security vulnerability. This vulnerability stems from improper handling of the sessionid parameter in the astrmainagent function within the...

CVSS 6.5, AI score 6.4, EPSS 0.00211
Exploits 0, References 5
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in golang-1.19, golang-1.23

The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...

CVSS 4.4, AI score 6.7, EPSS 0.0035
Exploits 2, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Added a call to put_pid. Added a call to put_pid corresponding to get_task_pid. host1x_memory_context_alloc does not take ownership of the PID; therefore, we need to free it here to avoid leaks. [email protected]: reword...

AI score 5.3, EPSS 0.00156
Exploits 0, References 2
NVD
added 2026/03/10 8:16 p.m., 4 views

CVE-2026-29793

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch, update, remove. The transport layer performs no type...

CVSS 9.8, EPSS 0.00461
Exploits 0, References 1
CNNVD
added 2026/03/08 12:0 a.m., 3 views

SourceCodester Client Database Management System authorization issue vulnerability

SourceCodester Client Database Management System is an open-source client database management system developed by SourceCodester. Version 1.0 of the SourceCodester Client Database Management System has a vulnerability related to authorization issues. This vulnerability stems from the handling of...

CVSS 7.5, AI score 7.1, EPSS 0.00364
Exploits 1, References 6
Positive Technologies
added 2026/03/05 12:0 a.m., 5 views

PT-2026-23435

Name of the Vulnerable Software and Affected Versions: Jetty (affected versions not specified). Description: The Jetty URI parser exhibits differences in how it evaluates invalid or unusual URIs compared to other common parsers. This differential parsing of URIs, particularly in systems with multiple...

CVSS 6.5, AI score 5.8, EPSS 0.02164
Exploits 0, References 76
CNNVD
added 2025/12/23 12:0 a.m., 3 views

itsourcecode Student Management System SQL injection vulnerability

itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which stems from incorrect manipulation of the parameter ID in the file /record.php, which could lea...

CVSS 9.8, AI score 7.7, EPSS 0.00333
Exploits 1, References 6
CNNVD
added 2025/11/23 12:0 a.m., 3 views

Code-Projects Simple Food Ordering System SQL injection vulnerability

Code-Projects Simple Food Ordering System is a Code-Projects open source simple food ordering system. A SQL injection vulnerability exists in Code-Projects Simple Food Ordering System version 1.0, which stems from the incorrect manipulation of the parameter ID by an unknown function in the file...

CVSS 8.8, AI score 6.8, EPSS 0.00265
Exploits 1, References 6
CNVD
added 2025/11/18 12:0 a.m., 3 views

mall-swarm authorization issue vulnerability (CNVD-2026-10878)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder, and no detailed vulnerability details are provided...

CVSS 5.5, AI score 5.5, EPSS 0.00265
Exploits 1, References 1
OSV
added 2025/10/30 10:15 p.m., 2 views

CVE-2021-47696

Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4, AI score 5.9, EPSS 0.00363
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 18 views

EUVD-2025-10264

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00413
Exploits 0, References 2
CNNVD
added 2025/09/17 12:0 a.m., 2 views

SourceCodester Hotel Reservation System SQL injection vulnerability

SourceCodester Hotel Reservation System is a SourceCodester open source hotel reservation system. A SQL injection vulnerability exists in SourceCodester Hotel Reservation System version 1.0, which stems from incorrect manipulation of the parameter ID in the file editroomimage.php, which could lea...

CVSS 9.8, AI score 7.8, EPSS 0.00441
Exploits 1, References 5
CNNVD
added 2025/09/02 12:0 a.m., 2 views

PHPGurukul Employee Leave Management System security vulnerability

PHPGurukul Employee Leave Management System is an employee leave management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Employee Leave Management System version 2.1, which stems from improper handling of the leaveid parameter and could lead to an insecure direct obje...

CVSS 4.3, AI score 6.7, EPSS 0.00192
Exploits 0, References 3
Tenable Nessus
added 2025/08/30 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-22236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present i...

CVSS 8.8, AI score 7.8, EPSS 0.00865
Exploits 0, References 2
CNNVD
added 2025/08/25 12:0 a.m., 3 views

itsourcecode Apartment Management System security vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /complain/addcomplain.php. An attacker can exploit...

CVSS 9.8, AI score 7.9, EPSS 0.00505
Exploits 1, References 6
CNNVD
added 2025/08/10 12:0 a.m., 3 views

LitmusChaos security vulnerability

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from improper handling of the parameter projectID in the component LocalStorage Handler, which...

CVSS 7.8, AI score 5.4, EPSS 0.00218
Exploits 1, References 6
Tenable Nessus
added 2025/08/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-35508

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling...

CVSS 4.5, AI score 6.7, EPSS 0.00225
Exploits 0, References 2
CNNVD
added 2025/06/29 12:0 a.m., 2 views

SourceCodester Simple Company Website security vulnerability

SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. A security vulnerability exists in SourceCodester Simple Company Website version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...

CVSS 7.2, AI score 5.5, EPSS 0.0033
Exploits 1, References 2
BDU FSTEC
added 2025/06/05 12:0 a.m., 2 views

The vulnerability of the verifyFacebookLike() function in the software for Linksys wireless signal amplifiers allows a hacker to execute arbitrary commands.

The vulnerability of the verifyFacebookLike function in the firmware for Linksys wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s processing of parameters uid and accessToken. Exploiting this...

CVSS 6.5, AI score 6.9, EPSS 0.0805
Exploits 1, References 4, Affected Software 6