223 matches found
E-commerce 安全漏洞
E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce version 1.0, which stems from the /index parameter not clearing the input to be reflected directly back to the HTML response, which could lead to a cross-site...
Tenda CH22 formWrlsafeset function stack buffer overflow vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. Tenda CH22 has a stack buffer overflow vulnerability, which originates from the parameter mitssidindex in the formWrlsafeset function in file /goform/AdvSetWrlsafeset that fails to correctly validate the length of the input data, which...
EUVD-2019-5240
Malware in sbrugna...
EUVD-2008-5617
Malware in sbrugna...
EUVD-2021-18516
Malware in sbrugna...
EUVD-2007-2567
Malware in sbrugna...
EUVD-2022-38446
Malicious code in bioql PyPI...
EUVD-2022-40417
Malicious code in bioql PyPI...
EUVD-2023-45867
Malicious code in bioql PyPI...
EUVD-2022-38443
Malicious code in bioql PyPI...
EUVD-2024-31509
Malicious code in bioql PyPI...
EUVD-2023-30853
Malicious code in bioql PyPI...
EUVD-2024-36202
Malicious code in bioql PyPI...
EUVD-2022-38447
Malicious code in bioql PyPI...
EUVD-2023-45370
Malicious code in bioql PyPI...
ARD GEC en Lign 安全漏洞
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in versions of ARD GEC en Lign prior to 2025-04-23, which stems from improper handling of the GET parameter in index.php, which could lead to SQL injection attacks and elevation of privilege...
CVE-2025-10479
A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
CVE-2025-7761 Reflected XSS in Lepszy BIP
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did no...
CVE-2024-33405
SQL injection vulnerability in addfriends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friendindex parameter...