CVE-2025-0579
CVE-2025-0579 affects Shiprocket Module 3/4 on OpenCart, specifically the REST API Module’s restapi endpoint. The root cause is manipulation of the x-username parameter, leading to SQL injection that can be exploited remotely. Public exploitation has been disclosed. Affected versions are Shiprock...
The vulnerability of the server for the Continuous Integration and Delivery system (CI/CD) of GoCD arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.
The vulnerability of the CI/CD server of GoCD is related to an incorrect restriction on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
CVE-2025-0563 code-projects Fantasy-Cricket update.php sql injection
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-0534
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be...
CVE-2025-0530
The CVE-2025-0530 entry concerns code-projects Job Recruitment 1.0. The vulnerability is in the file /_parse/_feedback_system.php where manipulation of the type argument enables cross-site scripting. It is described as exploitable remotely and publicly disclosed. Affected software: code-projects ...
LibreNMS Ports Stored Cross-site Scripting vulnerability
StoredXSS-LibreNMS-Ports Description: Stored XSS on the parameter: /ajaxform.php - param: descr Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...
CVE-2024-7596
An insecure configuration flaw was found in the Generic UDP Encapsulation Protocol. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed...
CVE-2025-0486 Fanli2012 native-php-cms login.php sql injection
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploi...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1015)
The remote host is missing an update for the Huawei EulerOS...
ROS-20250114-11
The vulnerability in the activation scripts of the Python virtualenv virtual environment constructor is related to a failure to neutralize special elements used in an operating system command. Exploitation...
USN-7201-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : WebKitGTK vulnerabilities (USN-7201-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7201-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...
CVE-2024-13198
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
PT-2025-2050 · Unknown · Zerowdd Myblog
Name of the Vulnerable Software and Affected Versions: ZeroWdd myblog version 1.0 Description: A problem has been detected in the update function of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. This issue leads to cross site scripting attacks, which can be launched...
CVE-2025-0206
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed...
CVE-2025-0171
A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2024-13104
A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch t...
CVE-2024-13085 PHPGurukul Land Record System login.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The...
PT-2025-2003 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical vulnerability was found in the WiFi Settings Handler component, specifically in an unknown function of the file /goform/form2AdvanceSetup.cgi. The manipulation leads to...
PT-2025-2002 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical issue has been found in the Virtual Service Handler component, affecting the file /goform/form2AddVrtsrv.cgi. This leads to improper access controls, allowing for remote...