79 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper validation of user input in the data[Addon][layouts] and data[Addon][layouts_except] parameters at /apprain/developer/addons/update/commonresource. An attacker can execute arbitrary JavaScript code in the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data[Addon][layouts] and data[Addon][layouts_except] parameters in the /apprain/developer/addons/update/hysontable process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...
CVE-2025-41052
CVE-2025-41052 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to insufficient validation of user input in the /apprain/developer/addons/update/canvasjs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. Consequences described include cookie-based crede...
CVE-2025-41046
CVE-2025-41046: Multiple sources confirm a stored authenticated XSS in appRain CMF 4.0.5 via improper validation on input data[Addon][layouts] and data[Addon][layouts_except] at /apprain/developer/addons/update/960grid. Impact described across CNVD/NVD/RH/SNYK variants includes potential cookie-...
CVE-2025-41046 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid...
Moderate: Red Hat Security Advisory: python-setuptools security update
An update for python-setuptools is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
Moderate: rsync security update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
Online Restaurant Management System Security Vulnerability
Online Restaurant Management System is a Code-projects open source online restaurant management system. A security vulnerability exists in Online Restaurant Management System version 1.0, which originates from improper handling of parameter IDs in the /admin/categoryupdate.php file, which may lea...
PT-2025-4084 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0. Description: A critical issue affects the processing of the file "/dashboard/admin/updateplan.php". The manipulation of the planid argument leads to SQL injection. The attack can be initiated remotel...
DEBIAN-CVE-2024-53201
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe. This commit addresses a null pointer dereference issue in dcn20_program_pipe. Previously, commit 8e4ed3cf1642 "drm/amd/display: Add null check for...
Online Class and Exam Scheduling System room_update.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System has a SQL injection vulnerability that originates from a lack of sufficient input validation for the id parameter in the /pages/room_update.php file. No details of the...
ext4: update orig_path in ext4_find_extent()
...
PT-2024-16326 · Unknown · Code-Projects Blood Bank System
Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0. Description: A critical issue has been discovered, affecting an unknown part of the file /admin/blood/update/B-.php. The manipulation of the Bloodname argument leads to SQL injection. It is possible...
code-projects Blood Bank System SQL Injection Vulnerability
Code-Projects Blood Bank System is an open source blood bank management system from Code-Projects. A SQL injection vulnerability exists in code-projects Blood Bank System version 1.0, which stems from the parameter bloodname in the file /admin/blood/update/o-.php that can lead to SQL injection...
DEBIAN-CVE-2022-48933
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...
Oracle Linux 8 : iperf3 (ELSA-2024-4241)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4241 advisory. 3.5-10 - Resolves: RHEL-29578 - vulnerable to marvin attack if the authentication option is used 3.5-9 - Resolves: RHEL-17069 - possible denial of...
iperf3 security update
3.5-10 - Resolves: RHEL-29578 - vulnerable to marvin attack if the authentication option is used 3.5-9 - Resolves: RHEL-17069 - possible denial of service 3.5-8 - Related: 2222205 - bumping nvr for correct update path...
CVE-2024-2533
A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The...
CVE-2024-22457
Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and...