88802 matches found
CVE-2023-4180
A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The...
CVE-2018-19943
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...
CVE-2021-2371
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...
CVE-2021-31436
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-10922
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issu...
SUSE CVE-2025-68151
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...
CVE-2025-67278
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...
PT-2026-3426
Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A buffer overflow issue exists in the strcpy function located in the file /goform/ConfigExceptMSN. This allows for remote attacks, and the exploit has been publicly disclosed. The vendor was notifie...
CVE-2026-0728 code-projects Intern Membership Management System delete_admin.php sql injection
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...
CVE-2025-69258
Trend Micro Apex Central is affected by CVE-2025-69258 (LoadLibraryEX). The vulnerability allows an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to code execution under the SYSTEM context on affected installations. Current public details indica...
CVE-2025-69258
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations...
CVE-2026-0698 code-projects Intern Membership Management System edit_students.php sql injection
A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/editstudents.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The exploit has been disclos...
CVE-2026-0698 code-projects Intern Membership Management System edit_students.php sql injection
A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/editstudents.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The exploit has been disclos...
PT-2026-1938
Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central affected versions not specified Description A message out-of-bounds read issue exists in Trend Micro Apex Central. This could allow a remote attacker to create a denial-of-service condition on affected systems...
FLIR Thermal Camera 操作系统命令注入漏洞
FLIR Thermal Camera F Series and others are a series of thermal imaging cameras from FLIR Corporation. An operating system command injection vulnerability exists in FLIR Thermal Camera PT-Series version 8.0.0.64, which stems from an uncleaned POST parameter and could lead to a remote command...
CVE-2025-65518
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service DoS condition. The vulnerability exists in the getpassword.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service...
carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
GHSA-6RCW-WW3X-XQWM carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
CVE-2025-1083
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely...
CVE-2025-1465
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...