173 matches found
CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection
A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...
CVE-2026-1159
CVE-2026-1159 affects itsourcecode Online Frozen Foods Ordering System 1.0. The issue arises from processing of the file /order_online.php, where manipulating the argument product_name can lead to an SQL injection. The vulnerability can be exploited remotely, and public proofs-of-concept exist ac...
CVE-2026-1155
Based on provided records, CVE-2026-1155 affects Totolink LR350 9.3.5u.6369_B20220309, specifically the setWiFiEasyGuestCfg function in /cgi-bin/cstecgi.cgi. The root cause is a buffer overflow triggered by manipulating the ssid argument, allowing remote exploitation. The vulnerability is corrobo...
CVE-2026-1147
SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 contains a cross-site scripting vulnerability in an unknown portion of /php/api_patient_schedule.php triggered by manipulating the Reason parameter. The flaw can be exploited remotely and the exploit is publicly availa...
CVE-2025-15539
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwcs11handledownlinkdatanotificationack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...
PT-2026-1973
Name of the Vulnerable Software and Affected Versions Intern Membership Management System version 1.0 Description A SQL injection issue exists in code-projects Intern Membership Management System 1.0. The issue affects an unknown function within the /intern/admin/edit activity.php file...
CVE-2024-2559
A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to t...
CVE-2026-0592
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/registercode.php of the component User Registration Handler. Performing a manipulation of the argument...
CVE-2025-15218
A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The...
CVE-2025-15214 Campcodes Park Ticketing System admin_class.php save_pricing cross site scripting
A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function savepricing of the file adminclass.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and...
CVE-2025-15173 SohuTV CacheCloud InstanceController.java advancedAnalysis cross site scripting
A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit...
CVE-2025-15134 yourmaileyes MOOC Submission MainController.java subreview cross site scripting
A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated...
EUVD-2025-203471
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
CVE-2025-14662
A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made...
EUVD-2025-203292
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...
CVE-2025-14582 campcodes Online Student Enrollment System index.php unrestricted upload
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is...
CVE-2025-13555
A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument studno results in sql injection. The attack can be initiated remotely. The exploit is now public an...
CVE-2025-13560
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
PT-2025-47843
Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 routers. The issue is located in an unknown function...
CVE-2025-13122
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/apipatientcheckin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to...