CVE-2019-25499

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...

CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...

CVE-2025-70218

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component...

PT-2026-23008

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component...

PT-2026-22956

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app id parameter. Attackers can send POST requests to delete application ajax.php with crafted payloads to extract sensitive data, bypass...

CVE-2025-70218

CVE-2025-70218 affects D-Link DIR-513 v1.10. A stack buffer overflow exists in the goform/formAdvFirewall component when processing POST data. Several connected sources corroborate the same vulnerability description and impact: potential arbitrary code execution or denial of service. Public explo...

PT-2026-22950

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 Craft versions prior to 5.9.0-beta.1 Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorI...

CVE-2025-50198

CVE-2025-50198 affects Chamilo before version 1.11.30. The vulnerability is a deserialization of untrusted data in /plugin/vchamilo/views/import.php triggered via POST parameters (configuration_file, course_path, home_path). The issue is addressed in Chamilo 1.11.30. According to the provided met...

CVE-2025-50189

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

CVE-2025-50191

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

EUVD-2025-208160

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

CVE-2025-50191 Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

Hoppscotch 授权问题漏洞

Hoppscotch is an open-source API development ecosystem developed by Hoppscotch. Versions of Hoppscotch prior to 2026.2.0 had authorization-related vulnerabilities. These vulnerabilities allowed unverified attackers to override entire infrastructure configurations with a single HTTP POST request,...

PT-2026-21743

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2415 B20250515 Description The software contains a denial-of-service issue in the /cgi-bin/cstecgi.cgi component. The component reads the CONTENT LENGTH environment variable and allocates memory using malloc wit...

CVE-2025-67445

CVE-2025-67445 affects TOTOLINK X5000R (v9.1.0cu.2415_B20250515) in the /cgi-bin/cstecgi.cgi CGI. The issue stems from reading CONTENT_LENGTH and calling malloc(CONTENT_LENGTH + 1) without proper bounds checks. A crafted large POST request can exhaust memory or cause a segmentation fault when the...

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

PT-2026-21487

Name of the Vulnerable Software and Affected Versions Order Up Online Ordering System version 1.0 Description A SQL Injection flaw exists in the /api/integrations/getintegrations API endpoint of Order Up Online Ordering System 1.0. An unauthenticated attacker can exploit this issue by sending a...

CVE-2026-26464

Stored Cross-Site Scripting XSS was found in the /admin/edituser.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST...

CVE-2026-26464

Stored Cross-Site Scripting XSS was found in the /admin/edituser.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST...

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...