370 matches found
CVE-2025-10940 Total.js CMS Layout admin layouts_save cross site scripting
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layoutssave of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-8276
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...
CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...
CVE-2025-8276
CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...
CVE-2025-10117
A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetchtasks.php of the component Add New Task. Executing manipulation with the input alert'XSS' can lead to cross site scripting. The attack can be executed remotely. The...
CVE-2025-9845
A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument productcode/genname/productname/supplier leads to cross site scripting. It is possible to launch...
CVE-2025-9940
CodeAstro Real Estate Management System 1.0 contains a cross-site scripting (XSS) vulnerability in the /feature.php file, caused by manipulation of the msg parameter. The issue can be triggered remotely and exploits are publicly available. Multiple sources (NVD, CVE listing, Red Hat, CNVD, PT Sec...
CVE-2025-9767
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /Admin/sporttype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and m...
CVE-2025-9845
The CVE-2025-9845 entry applies to Code-Projects Fruit Shop Management System 1.0. What’s vulnerable: the products.php file’s handling of the arguments product_code, gen_name, product_name, and supplier. Root cause: input parameter manipulation leads to cross-site scripting (XSS). Impact: remote ...
PT-2025-35702
Name of the Vulnerable Software and Affected Versions: Akinsoft MyRezzta versions s2.02.02 through v2.05.01 Description: An improper enforcement of behavioral workflow and uncontrolled resource consumption issue exists in Akinsoft MyRezzta, allowing for input data manipulation. This issue is...
CVE-2025-9716
A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...
Linux Distros Unpatched Vulnerability : CVE-2025-31163
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via putpatternarc function. CVE-2025-31163 Note...
PT-2025-34722 · Mtons · Mtons Mblog
Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability was detected in mtons mblog up to version 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in...
Linux Distros Unpatched Vulnerability : CVE-2025-46400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...
CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...
CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...
CVE-2025-8927 mtons mblog Verification Code send_code excessive authentication
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...