190 matches found
CVE-2025-3175
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /saveusereditprofile.php. The manipulation of the argument firstName leads to sql injection. The attack may be launched...
CVE-2025-2707
CVE-2025-2707 affects zhijiantianya ruoyi-vue-pro 2.4.1. The root cause is a path traversal vulnerability in the Front-End Store Interface file endpoint /app-api/infra/file/upload, allowing manipulation of the path argument. The issue is exploitable remotely, with public exploit disclosures. Affe...
PT-2025-11551
Name of the Vulnerable Software and Affected Versions 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e Description A vulnerability was found in 猫宁i Morning, affecting an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The...
CVE-2025-1955
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site...
CVE-2025-1581
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads to sql injection. The attack can be launche...
PT-2025-2206 · Obsproject · Obs Studio
Name of the Vulnerable Software and Affected Versions: obsproject OBS Studio versions up to 30.0.2 Description: A vulnerability has been found in obsproject OBS Studio, affecting an unknown functionality. The manipulation leads to an untrusted search path. The attack needs to be approached locall...
CVE-2025-0398
A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The...
PT-2025-3832 · Unknown · Code-Projects Online Bike Rental System
Name of the Vulnerable Software and Affected Versions: code-projects Online Bike Rental System version 1.0 Description: A critical issue has been found in the Change Image Handler component, allowing for unrestricted upload. This can be exploited remotely. The issue affects some unknown...
CVE-2024-13033
A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-12932
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. The manipulation of the argument size leads to cross site scripting. The attack can be launched...
CVE-2024-11127
A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...
CVE-2024-10988
The CVE-2024-10988 entry affects code-projects E-Health Care System v1.0, where the vulnerability lies in the file /Doctor/doctor_login.php. The root cause is improper handling of the email parameter, enabling SQL injection that can be triggered remotely and may affect multiple parameters. Severa...
CVE-2024-10654 TOTOLINK LR350 formLoginAuth.htm authorization
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be...
CVE-2024-10173
CVE-2024-10173 affects the didi DDMQ 1.0 Console Module. The vulnerability stems from input manipulation of "/;login" that results in improper authentication. It can be exploited remotely, and public disclosures exist. Several connected sources (NVD, Red Hat, CVE list, and related feeds) describe...
CVE-2024-10165
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The explo...
CVE-2024-8692
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The...
PT-2024-39190 · Unknown · Code-Projects Inventory Management
Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management version 1.0 Description: A critical vulnerability was found in the code-projects Inventory Management software. The issue affects an unknown functionality of the file /model/viewProduct.php of the component...
PT-2024-38989 · Unknown · Alwindoss Akademy
Name of the Vulnerable Software and Affected Versions: alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba Description: A problem has been found in an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of the emailAddress argument leads to cross-site...
CVE-2024-8209
A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched...
CVE-2024-7903 DedeBIZ File Extension media_add.php unrestricted upload
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mediaadd.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...