
49 matches found

EUVD
added 2026/04/28 5:30 a.m. | 4 views

EUVD-2026-25997

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

CVSS 6.5 | AI score 5.4 | EPSS 0.00036
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 10:17 a.m. | 4 views

CVE-2019-18322

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server All versions. An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is...

CVSS 9.1 | AI score 6.6 | EPSS 0.00133
Exploits: 0 | References: 1
Cvelist
added 2025/11/03 12:32 a.m. | 8 views

CVE-2025-12608 itsourcecode Online Loan Management System manage_user.php sql injection

A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manageuser.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 7.5 | EPSS 0.00031
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-8362

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00223
Exploits: 0 | References: 3
RedhatCVE
added 2025/08/21 7:27 p.m. | 4 views

CVE-2025-9153

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00103
Exploits: 1 | References: 1
CVE
added 2025/08/15 4:32 a.m. | 21 views

CVE-2025-9010

Itsourcecode Online Tour and Travel Management System 1.0 is affected by a SQL injection in /admin/booking_report.php via the from_date parameter. The issue allows remote exploitation and the exploit has been disclosed publicly. The vulnerability stems from improper handling of the from_date inpu...

CVSS 9.8 | AI score 7.6 | EPSS 0.00072
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2025/07/20 9:32 p.m. | 13 views

CVE-2025-7909

The CVE-2025-7909 issue affects D-Link DIR-513 v1.0, where the Boa Webserver’s /goform/formLanSetupRouterSettings uses sprintf on the curTime argument, enabling a stack-based buffer overflow. This can be triggered remotely and the exploit has been publicly disclosed. Reports indicate the vulnerab...

CVSS 9 | AI score 8.8 | EPSS 0.01985
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/05/22 10:24 a.m. | 5 views

CVE-2019-10933

A vulnerability has been identified in Spectrum Power 3 Corporate User Interface All versions = v3.11, Spectrum Power 4 Corporate User Interface Version v4.75, Spectrum Power 5 Corporate User Interface All versions v5.50, Spectrum Power 7 Corporate User Interface All versions = v2.20. The web...

CVSS 6.1 | AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:43 a.m. | 6 views

CVE-2018-13809

A vulnerability has been identified in CP 1604 All versions, CP 1616 All versions. The integrated web server of the affected CP devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful...

CVSS 6.1 | AI score 6 | EPSS 0.00311
Exploits: 0 | References: 1
OSV
added 2025/05/11 8:15 p.m. | 4 views

CVE-2025-4545

A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to...

CVSS 8.1 | AI score 5.5 | EPSS 0.00505
Exploits: 1 | References: 4
Cvelist
added 2025/03/31 1:31 p.m. | 15 views

CVE-2025-2997 zhangyanbo2007 youkefu url server-side request forgery

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00224
Exploits: 1 | References: 4
Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2019-20170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GFIPMPXAUTHDelete in...

CVSS 5.5 | AI score 6.2 | EPSS 0.00472
Exploits: 1 | References: 3
Vulnrichment
added 2024/07/31 7:31 a.m. | 17 views

CVE-2024-7303 itsourcecode Online Blood Bank Management System Send Blood Request Page request.php cross site scripting

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross sit...

CVSS 5.3 | AI score 6.2 | EPSS 0.00234
Exploits: 1 | References: 4
Prion
added 2023/03/01 10:15 a.m. | 24 views

Path traversal

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...

CVSS 5.8 | AI score 9.5 | EPSS 0.31802
Exploits: 3 | References: 3 | Affected Software: 1
F5 Networks
added 2023/02/21 6:34 p.m. | 29 views

K45062506: Siemens Ethernet card DoS vulnerabilities CVE-2018-11451 and CVE-2018-11452

Security Advisory Description CVE-2018-11451 A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions,...

CVSS 7.8 | AI score 7.4 | EPSS 0.00645
Exploits: 0
NVD
added 2020/01/16 4:15 p.m. | 9 views

CVE-2019-10934

A vulnerability has been identified in TIA Portal V14 All versions, TIA Portal V15 All versions V15.1 Update 7, TIA Portal V16 All versions V16 Update 6, TIA Portal V17 All versions V17 Update 4. Changing the contents of a configuration file could allow an attacker to execute arbitrary code with...

CVSS 7.8 | AI score 7.6 | EPSS 0.00103
Exploits: 0 | References: 1
Prion
added 2020/01/16 4:15 p.m. | 17 views

Code injection

A vulnerability has been identified in TIA Portal V14 All versions, TIA Portal V15 All versions V15.1 Update 7, TIA Portal V16 All versions V16 Update 6, TIA Portal V17 All versions V17 Update 4. Changing the contents of a configuration file could allow an attacker to execute arbitrary code with...

CVSS 7.2 | AI score 7.6 | EPSS 0.00103
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/01/16 3:35 p.m. | 11 views

CVE-2019-10940

A vulnerability has been identified in SINEMA Server All versions V14.0 SP2 Update 1. Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability...

AI score 9 | EPSS 0.00171
Exploits: 0 | References: 2
NVD
added 2019/12/12 7:15 p.m. | 13 views

CVE-2019-18334

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1
NVD
added 2019/12/12 7:15 p.m. | 10 views

CVE-2019-18319

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from...

CVSS 7.5 | AI score 7.1 | EPSS 0.00485
Exploits: 0 | References: 1