
10 matches found

CNVD
added 2026/04/20 12:0 a.m. · 1 view

PraisonAI Operating System Command Injection Vulnerability

PraisonAI is a low-code multi-agent collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or sanitization, which can be exploited by an...

CVSS 9.8 · AI score 5.7 · EPSS 0.00054 · Exploits 1
Vulnrichment
added 2026/02/22 6:0 a.m. · 1 view

CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

AI score 5.3 · EPSS 0.00038 · Exploits 0 · References 1
EUVD
added 2025/11/24 6:31 a.m. · 1 view

EUVD-2025-198620

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVSS 4.7 · AI score 6.2 · EPSS 0.00029 · Exploits 0 · References 2
CNVD
added 2025/10/31 12:0 a.m. · 1 view

Online Event Judging System action.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in the parameter content in the file /ajax/action.php. An attacker can exploit...

CVSS 8.8 · AI score 7.1 · EPSS 0.00031 · Exploits 1 · References 1
CNVD
added 2025/06/27 12:0 a.m. · 1 view

Inventory Management System editBrand.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editBrandStatus in file /phpaction/editBrand.php. An attacker can...

CVSS 9.8 · AI score 7.9 · EPSS 0.00204 · Exploits 1 · References 1
CNVD
added 2025/06/11 12:0 a.m. · 1 view

Dairy Farm Shop Management System /search-product.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter productname in the file...

CVSS 9.8 · AI score 7.8 · EPSS 0.00235 · Exploits 1 · References 1
CNNVD
added 2025/05/10 12:0 a.m. · 2 views

PHPGurukul e-Diary Management System Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /manage-notes.php. An attacker can...

CVSS 9.8 · AI score 8.2 · EPSS 0.00204 · Exploits 1 · References 6
Positive Technologies
added 2023/10/26 12:0 a.m. · 2 views

PT-2023-32335 · WordPress · The Assistant WordPress Plugin

Name of the Vulnerable Software and Affected Versions: The Assistant WordPress plugin versions prior to 1.4.4. Description: The issue arises from the plugin not validating a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform...

CVSS 8.8 · AI score 8.6 · EPSS 0.0023 · Exploits 2 · References 6
CNNVD
added 2023/03/10 12:0 a.m. · 1 view

UNISOC Chipsets Input Validation Error Vulnerability

UNISOC Chipsets is a chipset line from China's UNISOC. A security vulnerability exists in the UNISOC Chipsets wlan module that stems from a lack of parameter checking. This could lead to a local denial of service in the wlan service...

CVSS 5.5 · AI score 5.7 · EPSS 0.00016 · Exploits 0 · References 2
CNVD
added 2018/03/22 12:0 a.m. · 0 views

Huawei Honor 8 Bdat Driver Integer Overflow Vulnerability

Huawei Honor 8 Youth is a smartphone device. An integer overflow vulnerability exists in the Huawei Honor 8 Youth Edition Bdat driver. Due to a lack of parameter checking, an attacker can exploit the vulnerability to trick a user into installing a malicious application and executing it with...

CVSS 9.3 · AI score 7.8 · EPSS 0.00116 · Exploits 0 · References 1