CVE-2025-52864 QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-44013 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following...
CVE-2026-0565 code-projects Content Management System delete.php SQL injection
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to SQL injection. The attack can be executed remotely. The exploit has been made available...
CVE-2026-0547
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...
CVE-2025-15431
UTT 512W firmware 1.7.7-171114 is affected by a buffer overflow in strcpy used by /goform/formFtpServerDirConfig; manipulating the filename argument can trigger overflow and allows remote exploitation. Public exploit exists; vendor did not respond to disclosure. Connected documents confirm the af...
CVE-2025-15428
A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public an...
CVE-2025-15428
CVE-2025-15428 affects UTT 512W router (version 1.7.7-171114). The vulnerability is a buffer overflow in the strcpy usage of the /goform/formRemoteControl implementation, triggered by manipulating the Profile argument. This leads to a potential remote attack with a publicly available exploit. Mul...
CVE-2025-15427
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The research...
CVE-2025-15426
CVE-2025-15426 affects jackying H-ui.admin up to version 3.1. A flaw in the library file /lib/webuploader/0.1.5/server/preview.php allows unrestricted file uploads via a remotely exploitable path. Public PoC exists; vendor reportedly unresponsive. Impact is described as remote arbitrary file uplo...
CVE-2025-15420
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agentworkreport.jsp. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The...
PT-2026-1059
Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the Report argument within the file /worksheet/work edit.jsp. This allows for remote attacks. The exploit details have been publicly...
PT-2026-1047
Name of the Vulnerable Software and Affected Versions: UTT 进取 512W version 1.7.7-171114. Description: A flaw exists in the strcpy function within the /goform/formRemoteControl file. Manipulation of the Profile argument can lead to a buffer overflow, allowing for remote attacks. The exploit for this...
EUVD-2026-0008
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available a...
EUVD-2026-0017
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...
CVE-2025-15405 PHPEMS cross-site request forgery
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...
CVE-2025-15404
A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /savefile.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclose...
CampCodes School File Management System code issue vulnerability
CampCodes School File Management System is a school file management system from CampCodes Philippines. A code issue vulnerability exists in CampCodes School File Management System version 1.0, which stems from an incorrect manipulation of the parameter File in the file /savefile.php resulting in ...
PT-2026-20521
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.109. Description: A heap buffer overflow exists in the Media component of Google Chrome. This issue could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML...
PT-2026-7643
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.45. Description: An issue existed in the Animation rendering within Google Chrome, specifically related to an inappropriate implementation. This could allow a remote attacker to leak cross-origin data...
PT-2026-26528
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153. Description: A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The Chromium...