88859 matches found
PT-2026-26517
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.153 Description A use-after-free issue exists in the WebRTC component of Google Chrome. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTML page...
PHPGurukul Online Course Registration 安全漏洞
PHPGurukul Online Course Registration is an online course registration system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Online Course Registration 3.1 and prior versions that stems from a lack of authorization and could lead to a remote attack...
CVE-2025-67707 Unvalidated File Upload vulnerability in ArcGIS Server.
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...
CVE-2025-67706 Unvalidated File Upload vulnerability in ArcGIS Server.
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...
EUVD-2025-206054
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...
CVE-2023-7331 PKrystian Full-Stack-Bank User sql injection
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...
CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...
CVE-2025-15391 D-Link DIR-806A SSDP Request ssdpcgi_main command injection
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...
CVE-2019-25262
A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...
EUVD-2025-206016
A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...
CVE-2019-25262 elinicksic Razgover Chat Message send.php cross site scripting
A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...
CVE-2025-15254
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
CVE-2025-15255
A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...
EUVD-2025-206030
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited...
CVE-2025-15252
A flaw has been found in Tenda M3 1.0.0.134903. The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The...
CVE-2025-15251
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entit...
CVE-2025-15375 EyouCMS arcpagelist Ajax.php unserialize deserialization
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...
CVE-2025-15373 EyouCMS function.php saveRemote server-side request forgery
A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be use...
CVE-2025-15215
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...
D-Link DIR-806A 命令注入漏洞
The D-Link DIR-806A is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-806A version 100CNb11, which stems from the failure of the ssdpcgimain function in the SSDP Request Handler component to correctly filter constructed command special...