
1148 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2013-6501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier...

CVSS 4.6 · AI score 7.1 · EPSS 0.00583
Exploits 0 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2017-17521

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

CVSS 8.8 · AI score 6.9 · EPSS 0.01834
Exploits 0 · References 4
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2017-17516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scripts/inspectwebbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment...

CVSS 8.8 · AI score 8 · EPSS 0.0122
Exploits 0 · References 3
Cvelist
added 2025/03/03 7:0 a.m. · 11 views

CVE-2025-1855 PHPGurukul Online Shopping Portal product-details.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The...

CVSS 6.5 · EPSS 0.00451
Exploits 1 · References 5
CNNVD
added 2025/02/27 12:0 a.m. · 6 views

GFast Security Vulnerability

GFast is a GF (Go Frame) based backend management system by tiger1103. A security vulnerability exists in GFast v2 to v3.2, which originates from a SQL injection in the OrderBy parameter of /system/operLog/list...

CVSS 9.8 · AI score 7.8 · EPSS 0.00501
Exploits 1 · References 6
CVE
added 2025/02/23 4:31 a.m. · 51 views

CVE-2025-1576

CVE-2025-1576 affects Code-Projects Real Estate Property Management System 1.0. The vulnerability is an SQL injection in an unknown function of the file /ajax_state.php, caused by manipulating the StateName argument in a string. It is exploitable remotely, and the exploit has been disclosed publi...

CVSS 9.8 · AI score 6.9 · EPSS 0.00493
Exploits 1 · References 5 · Affected Software 1
RedhatCVE
added 2025/02/20 4:34 a.m. · 5 views

CVE-2025-0805

The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVSS 6.4 · AI score 5.8 · EPSS 0.00278
Exploits 0 · References 1
Positive Technologies
added 2025/02/18 12:0 a.m. · 5 views

PT-2025-6821 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior
Description: A time-based blind SQL Injection vulnerability exists in the EditEventTypes functionality, allowing an attacker to execute arbitrary SQL queries. The newCountName parameter is directly...

CVSS 9.8 · AI score 7 · EPSS 0.02177
Exploits 1 · References 11
RedhatCVE
added 2025/02/15 9:23 a.m. · 5 views

CVE-2024-3303

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection...

CVSS 6.4 · AI score 6.2 · EPSS 0.00369
Exploits 1 · References 1
OSV
added 2025/02/15 12:15 a.m. · 2 views

CVE-2024-5461

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only...

CVSS 8 · AI score 7.2 · EPSS 0.00422
Exploits 1 · References 1
Veracode
added 2025/02/14 8:6 a.m. · 10 views

Improper Authentication

github.com/distribution/distribution/v3 is vulnerable to Improper Authentication. The vulnerability is due to Improper Authentication due to inadequate verification of JSON Web Keys (JWK) in JSON Web Tokens (JWT), allowing an attacker to inject an untrusted signing key when token authentication is...

CVSS 8.7 · AI score 6.8 · EPSS 0.00326
Exploits 0 · References 4 · Affected Software 1
F5 Networks
added 2025/02/12 12:46 a.m. · 8 views

K000149757: Python vulnerability CVE-2022-0391

Security Advisory Description A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the U...

CVSS 7.5 · AI score 7.1 · EPSS 0.08325
Exploits 1
Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-6852 · Unknown · Code-Projects Wazifa System

Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0
Description: A critical issue has been found in the code-projects Wazifa System, affecting an unknown functionality of the file /controllers/control.php. The manipulation of an argument leads to a SQL...

CVSS 8.8 · AI score 7.2 · EPSS 0.00428
Exploits 1 · References 9
Cvelist
added 2025/02/10 7:31 p.m. · 13 views

CVE-2025-1154 xxyopen Novel books sql injection

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit...

CVSS 6.5 · EPSS 0.00309
Exploits 0 · References 4
CNVD
added 2025/02/08 12:0 a.m. · 6 views

Apache Ranger Cross-Site Scripting Vulnerability (CNVD-2025-03540)

Apache Ranger is a set of architectures from the U.S.-based Apache Foundation for implementing comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...

CVSS 4.8 · AI score 6.5 · EPSS 0.00538
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 1:49 a.m. · 11 views

CVE-2022-43521

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...

CVSS 8.8 · AI score 7.4 · EPSS 0.00952
Exploits 0 · References 1
CVE
added 2025/02/06 12:0 a.m. · 48 views

CVE-2024-57599

CVE-2024-57599 affects DouPHP v1.8 Release 20231203. The vulnerability arises from improper handling of the description parameter in /admin/article.php, allowing an attacker to inject a crafted payload that leads to cross-site scripting and arbitrary code execution. Affected component: descriptio...

CVSS 4.8 · AI score 7.4 · EPSS 0.00304
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2025/02/05 6:53 a.m. · 3 views

CVE-2024-32883

MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...

CVSS 7.7 · AI score 7.3 · EPSS 0.00116
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 1:42 a.m. · 2 views

CVE-2024-11258

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has bee...

CVSS 9.8 · AI score 7.3 · EPSS 0.00767
Exploits 1 · References 1
Cvelist
added 2025/02/04 9:27 p.m. · 11 views

CVE-2024-8125 A remote code vulnerability has been discovered in OpenText™ Content Management.

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the...

CVSS 5.4 · EPSS 0.00272
Exploits 0 · References 1