74 matches found
CVE-2025-6323
The CVE-2025-6323 entry describes a SQL injection flaw in PHPGurukul Pre-School Enrollment System 1.0, in the file /enrollment.php, triggered by the fathername parameter. Root cause: lack of input validation/unsafe concatenation enables remote attacker to modify SQL statements. Impact: potential ...
CVE-2025-5520
A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmmstateauthentication/emmstateauthentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has be...
CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
CVE-2025-0870
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of ...
CVE-2023-0659
A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...
CVE-2023-2220
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
CVE-2025-4122
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure bu...
CVE-2025-3976
The CVE-2025-3976 entry affects PHPGurukul COVID19 Testing Management System v1.0, specifically the /new-user-testing.php endpoint. The vulnerability is an SQL injection caused by manipulation of the mobilenumber parameter, exploitable remotely. Multiple connected sources corroborate the affected...
CVE-2025-3409
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...
CVE-2025-3170
A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /adminuser.php. The manipulation of the argument blockid/unblockid leads to sql injection. It is possible to initiate the attack remotely. The...
PT-2025-7804 · Benner · Benner Modernanet
Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions 1.1.0 and earlier Description: A critical issue has been found in Benner ModernaNet, affecting an unknown part of the file...
SUSE CVE-2025-1152
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
DEBIAN-CVE-2025-1151
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The...
AZL-56103 CVE-2025-0840 affecting package binutils for versions less than 2.37-11
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...
CVE-2024-13198
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
PT-2024-16393 · Safenet · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical issue was found in ESAFENET CDG, affecting the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to SQL...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
SUSE CVE-2024-7272
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fillaudiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in versio...
CVE-2024-7838
A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The...
CVE-2024-7320
A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to sql injection. It is possible to initiate the attac...