83 matches found
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
CVE-2025-45798
CVE-2025-45798 is a command execution vulnerability in the TOTOLINK A950RG with firmware version 4.1.2cu.5204_B20210112. It arises from improper handling of the IpTo parameter in the setNoticeCfg interface inside /lib/cste_modules/system.so, enabling arbitrary command execution. Documented impact...
GHSA-M67M-3P5G-CW9J VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...
SourceCodester Online Food Ordering System 注入漏洞
SourceCodester Online Food Ordering System is a SourceCodester open source online food ordering system. An injection vulnerability exists in SourceCodester Online Food Ordering System version 2.0, which stems from an incorrect manipulation of the parameter pid that can lead to SQL injection...
TOTOlink A3002R 安全漏洞
TOTOLINK A3002R is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOlink A3002R version V1.1.1-B20200824.0128, which originates from improper validation of the pppoedns1 parameter input, resulting in a buffer overflow...
SourceCodester Employee Management System 安全漏洞
SourceCodester Employee Management System is a SourceCodester open source php-based system for employee performance management. A security vulnerability exists in SourceCodester Employee Management System version 1.0, which stems from an incorrect operation of the username/password parameters tha...
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit...
CVE-2024-57030
Wegia 3.2.0 is vulnerable to Cross Site Scripting XSS in /geral/documentosfuncionario.php via the id parameter...
CVE-2024-57575
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the formfastsettingwifiset function...
PT-2025-4601 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the Cadastro Atendido.php...
itsourcecode Tailoring Management System 注入漏洞
itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from an incorrect manipulation of the parameter inccat/desc/date/amount that can lead ...
Codezips Free Exam Hall Seating Management System 安全漏洞
Codezips Free Exam Hall Seating Management System is a free exam hall seating management system from Codezips open source. A security vulnerability exists in Codezips Free Exam Hall Seating Management System version 1.0, which stems from mishandling of the parameter IMAGE, resulting in unrestrict...
TOTOLINK AC1200 T8 UploadCustomModule function buffer overflow vulnerability
The TOTOLINK AC1200 T8 is a dual-band full gigabit router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK AC1200 T8 UploadCustomModule function. The vulnerability stems from the failure of the File parameter of the UploadCustomModule function to...
PT-2024-31264 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the id parameter in the "adv2.php" component. Recommendations: For ZZCMS versions 2023 and earlier, consider...
Simple Online Bidding System Code Issue Vulnerability
Simple Online Bidding System is an online bidding system by oretnom23 individual developers. A code issue vulnerability exists in SourceCodester Simple Online Bidding System version 1.0, which stems from the parameter img in the file /admin/ajax.php?action=savesettings that can lead to unrestrict...
The vulnerability in the `index.php?c=api` script of the OneNav bookmark management interface, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the /index.php?c=api interface of the OneNav bookmark management program is related to deficiencies in the authentication process due to incorrect generation of tokens with the X-Token parameter. Exploiting this vulnerability allows a malicious actor to compromise the...
CVE-2024-36079
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...
Simple Chat System SQL Injection Vulnerability
Simple Chat System is a simple chat system by nurhodelta17 individual developer. A SQL injection vulnerability exists in Simple Chat System version 1.0, which stems from an incorrect manipulation of the parameters email/password that can lead to SQL injection...
Amavis security breach
Amavis is a high-performance email content filtering framework written in Perl. A security vulnerability exists in Amavis versions prior to 2.12.3 and 2.13.x prior to 2.13.1, which stems from an interpretation conflict that may incorrectly check for prohibited files or malware when multiple...