5655 matches found
CVE-2020-2959
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Orac...
CVE-2020-35939
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...
CVE-2015-10086
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling...
CVE-2024-7829
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and...
CVE-2024-12228
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-3354
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/modusers/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-8301
A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can b...
Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition
Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high integrity impact, low confidentiality impat. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to t...
PT-2025-4395 · Vmware · Vmware Aria Operations For Logs
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs affected versions not specified Description: The issue is related to a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script,...
Ubiquiti Networks UniFi Improper Access Control (CVE-2016-7792)
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
The vulnerability of the Open Social CMS system’s Drupal module, related to the lack of protective measures for website structures, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Open Social CMS system, Drupal, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2025-0787 ESAFENET CDG appDetail.jsp cross site scripting
A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /appDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be launched remotely. The exploit has be...
CVE-2025-0786 ESAFENET CDG appDetail.jsp sql injection
A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public...
CVE-2025-0784
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can b...
CVE-2025-0783 pankajindevops scale API Endpoint access control
A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use...
ROS-20250128-06
A vulnerability in the convertfromstr function of the numpy.core component of the NumPy for Python module is related to an incorrect string comparison. Exploitation of the vulnerability could allow an attacker acting remotely to initiate a copy. remotely to initiate data copying using specially...
CVE-2025-0730
CVE-2025-0730 affects TP-Link TL-SG108E (version 1.0.0 Build 20201208 Rel. 40304). The vulnerability is in an unknown function of the HTTP GET Request Handler for /usr_account_set.cgi, where manipulating the username/password parameters in a GET request can disclose sensitive query data and is po...
7-Zip Mark-of-the-Web Bypass
Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...
PT-2025-4237 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue is related to the Server: Optimizer component of MySQL Server, allowing an attacker with low privileges...