160 matches found
CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities
Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...
CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities
Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...
PT-2025-53330
Name of the Vulnerable Software and Affected Versions Legrand BTicino Driver Manager F454 version 1.0.51 Description The software contains web vulnerabilities that permit attackers to carry out administrative tasks without sufficient request validation. An attacker can leverage cross-site request...
CVE-2023-53975
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...
1Panel 安全漏洞
1Panel is an open source Linux server operations and management panel from the Chinese 1Panel community. A security vulnerability exists in 1Panel 2.0.13 and earlier versions, which stems from unvalidated client-side parameters and could lead to CAPTCHA bypass and account takeover...
EUVD-2025-200084
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
PHPGurukul Online Shopping Portal 安全漏洞
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...
CVE-2025-52186
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...
PHPGurukul Student Record System 安全漏洞
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements for the id and emailid parameters in password-recovery.php. An attacker can exploit this vulnerability to...
PHPGurukul Student Record System 安全漏洞
Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...
PHPGurukul Student Record System 安全漏洞
Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...
PHPGurukul Student Record System 安全漏洞
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of external input SQL statements for multiple parameters in register.php. An attacker can exploit this vulnerability to execute illegal SQL...
D-Link DIR-878 安全漏洞
The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...
TOTOLINK A720R 安全漏洞
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...
PT-2025-44563
Name of the Vulnerable Software and Affected Versions LibreChat version 0.7.9 Description LibreChat version 0.7.9 is susceptible to a Denial of Service DoS attack. The /api/memories endpoint allows unbounded parameter values for the key and value parameters. Lack of proper validation for these...
Apache Airflow 安全漏洞
Apache Airflow is a set of open source platforms with the ability to create, manage and monitor workflows from the US Apache Apache Foundation. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from unvalidated...
EUVD-2025-35921
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...
CVE-2025-10723 PixelYourSite < 11.1.2 - Admin+ LFI
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...
CVE-2025-10723 PixelYourSite < 11.1.2 - Admin+ LFI
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...