CVE-2023-6074
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated...
CVE-2023-2217
A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/managereminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2023-2390
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=timezone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site...
CVE-2023-2367
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manageacademic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploi...
CVE-2023-2694
A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns1data leads to sql injection. It is possible to initiate th...
CVE-2022-42111
A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload...
CVE-2022-26656
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join...
PT-2025-22657 · Unknown · Fujian Kelixun
Name of the Vulnerable Software and Affected Versions: Fujian Kelixun version 1.0. Description: A critical issue has been found in the Filename Handler component, specifically affecting the /app/fax/fax view.php file. The manipulation of the fax file argument leads to os command injection, allowin...
CVE-2022-37462
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...
CVE-2022-3414
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is...
CVE-2022-29286
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling...
CVE-2022-2262
A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file editallroom.php of the component Room Handler. The manipulation of the argument id with the input...
CVE-2022-44022
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts...
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-29040
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused...
CVE-2021-41464
Cross-site scripting (XSS) vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...
CVE-2021-36630
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request...
CVE-2021-34821
Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...
CVE-2021-29028
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/useractivity.php URI...
CVE-2021-20675
M-System DL8 series type A DL8-A versions prior to Ver3.0, type B DL8-B versions prior to Ver3.0, type C DL8-C versions prior to Ver3.0, type D DL8-D versions prior to Ver3.0, and type E DL8-E versions prior to Ver3.0 allows remote authenticated attackers to cause a denial of service (DoS) conditio...