CVE-2024-5893
A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=deleteclient. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploi...
CVE-2024-5391
A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to SQL injection. The attack can be launched...
CVE-2019-5322
A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003...
CVE-2025-4980 Netgear DGND3700 mini_http currentsetting.htm information disclosure
A vulnerability has been found in Netgear DGND3700 1.1.00.151.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The explo...
CVE-2025-4552
A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploi...
CVE-2025-3856
CVE-2025-3856 affects xxyopen Novel-Plus 5.1.0. The vulnerability is in the /book/searchByPage function, where the sort parameter is manipulated to trigger a SQL injection. It can be exploited remotely, and public disclosure exists. Connected documents consistently identify the vulnerable endpoin...
CVE-2025-3352
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php. The manipulation of the argument contnum leads to SQL injection. The attack may be launched remotely...
CVE-2025-3331
A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. This issue affects some unknown processing of the file /paymentsave.php. The manipulation of the argument mode leads to SQL injection. The attack may be initiated remotely. T...
PT-2025-6877 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: FastCMS versions up to 0.1.5 Description: A vulnerability has been found in the Template Menu component of FastCMS, affecting unknown code of the file /fastcms.html/template/menu. The manipulation leads to cross-site scripting. The attack can...
CVE-2024-3482
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited...
CVE-2024-12956
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /addachievementdetails.php. The manipulation of the argument achcerty leads to unrestricted upload. The attack may be initiated remotel...
Debian dla-3997 : php-illuminate-auth - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3997 advisory. Debian LTS Advisory DLA-3997-1 https://www.debian.org/lts/security/...
CVE-2024-11240
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross-site scripting. The attack may be...
CVE-2024-10157
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username/mobileno leads to SQL injection...
CVE-2024-9792
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross-site scripting. It is possible to initiate the attack remotely...
IDEC CORPORATION WindLDR and WindO/I-NV4
1. EXECUTIVE SUMMARY: CVSS v3 5.9. ATTENTION: Exploitable remotely. Vendor: IDEC Corporation. Equipment: WindLDR, WindO/I-NV4. Vulnerability: Cleartext Storage of Sensitive Information. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to obtain...
Siemens Industrial Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-8576
The CVE-2024-8576 issue affects TOTOLINK AC1200 T8/T10 (versions 4.1.5cu.861_B20230220–4.1.8cu.5207) where an input in the setIpPortFilterRules function (/cgi-bin/cstecgi.cgi) allows manipulation of the desc parameter to cause a buffer overflow. This enables a remote attacker to potentially corru...
PT-2024-38836 · Code Projects · Code-Projects Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue affects the processing of the file "/index.php?action=editPharmacist". The manipulation of the id argument leads to SQL injection. The attack may be initiated...
PT-2024-38504 · Unknown · Code-Projects Job Portal
Name of the Vulnerable Software and Affected Versions: code-projects Job Portal version 1.0 Description: A critical issue affects the processing of the file rw i nat.php, where the manipulation of the id argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...