5655 matches found
CVE-2024-54803
Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoepeermac and forcing a reboot. This will result in command injection...
ROS-20250402-05
A vulnerability in the configuration implementation of Rails Html Sanitizer, an HTML cleanup tool for Rails applications, is related to insufficient cleaning of user-supplied data. Exploitation of the vulnerability could allow a remote attacker to conduct cross-site scripting attacks...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : WebKitGTK vulnerabilities (USN-7395-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7395-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...
CVE-2025-2964
...
Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product.
Summary: IBM Storage Protect Enterprise Resource Planning can be affected by security flaws in Java. An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts, as described in the "Vulnerability Details...
CVE-2025-28220
Tenda W6S v1.0.0.4510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause a web server crash via the parameter funcpara1 passed to the binary through a POST request...
USN-7366-1: Rack vulnerabilities
Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A remote attacker could possibly use this issue to perform CRLF injection. (CVE-2025-25184) Phạm Quang Minh discovered that Rack incorrectly handled certain headers. A remote attacker could possibly use this issue to perform l...
CVE-2025-2618
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function setwsaction of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit...
ruoyi-vue-pro path traversal vulnerability
ruoyi-vue-pro is an open source, optimized and refactored, efficient back-end management system framework from Taro Road source code (zhijiantianya), used for developing enterprise back-ends, SaaS platforms, WeChat applet back-ends and so on. ruoyi-vue-pro version 2.4.1 contains a path traversal...
CVE-2025-2663
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument searchinput leads to sql injection. The attack can be...
CVE-2025-2664
A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-2654 SourceCodester AC Repair and Services System manage_service.php sql injection
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely...
CVE-2025-2643 PHPGurukul Art Gallery Management System edit-art-type-detail.php sql injection
A vulnerability has been found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-art-type-detail.php?editid=1. The manipulation of the argument arttype leads to sql injection. The attack can be initiated...
CVE-2025-2617
A vulnerability classified as problematic was found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...
USN-7360-1: Alpine vulnerabilities
It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2020-14929) It was discovered that Alpine could allow untagged responses from an IMAP server before upgrading to a TLS...
PT-2025-13697 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408
Description: A critical issue has been discovered, affecting the Web Management Interface component, specifically the /goform/SysToolChangePwd file. This leads to improper access controls, allowing for remote...
PT-2025-13698 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408
Description: A critical issue affects the Web Management Interface component, specifically the unknown processing of the file /goform/SysToolDDNS. This leads to improper access controls, allowing for remote...
CVE-2025-2382
A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched...
Tale Blog code injection vulnerability
Tale Blog is a Java blog open-sourced by Tale Blog System. A code injection vulnerability exists in Tale Blog version 2.0.5, which originates from cross-site scripting and could lead to remote attacks...