13 matches found
NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names
NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...
CVE-2025-49342
Cross-Site Request Forgery (CSRF) vulnerability in merzedes Custom Style custom-style allows Stored XSS. This issue affects Custom Style: from n/a through = 1.0...
PT-2025-36530
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Information Management System version 1.0 Description: A weakness exists in itsourcecode Student Information Management System 1.0. The issue involves SQL injection caused by manipulation of the ID argument within an...
Code-Projects Product Inventory System Injection Vulnerability
Code-Projects Product Inventory System is a Code-Projects open source product inventory system. Code-Projects Product Inventory System version 1.0 suffers from an injection vulnerability, which stems from an incorrect manipulation of the parameter Username in the file /index.php resulting in SQL...
PT-2024-36453 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue exists in the /send message teacher to student.php file, allowing remote attackers to execute arbitrary scripts via the my message...
PT-2024-39365 · Unknown · Code-Projects Crud Operation System
Name of the Vulnerable Software and Affected Versions: code-projects Crud Operation System version 1.0 Description: A critical issue was found in the code-projects Crud Operation System. The problem lies in an unknown function of the file updata.php, where the manipulation of the sid argument lea...
PT-2024-30131 · Unknown · Kashipara Bus Ticket Reservation System
Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was found in the "/admin schedule.php" endpoint, allowing remote attackers to execute arbitrary code via the scheduleDurationPHP paramete...
Campcodes Online Job Finder System SQL Injection Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a SQL injection vulnerability in the id parameter of the /admin/employee/index.php file...
Health Center Patient Record Management System Cross-Site Scripting Vulnerability
Health Center Patient Record Management System is a patient record management system by individual developer Arvin Arandilla. A cross-site scripting vulnerability exists in SourceCodester Health Center Patient Record Management System version 1.0, which stems from an issue with the...
PT-2022-27729 · Unknown · Helmet Store Showroom
Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom version 1.0 Description: The issue is related to a SQL Injection vulnerability at the Login Page. This vulnerability can be exploited to bypass admin access. Recommendations: For Helmet Store Showroom version 1.0, consid...
CVE-2022-3587
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack...
CVE-2020-23718
Cross-site scripting (XSS) vulnerability in xujinliang zibbs 1.0 allows attackers to execute arbitrary code via the route parameter to index.php...
Agenzia delle Entrate Desktop Telematico Security Vulnerability
Agenzia delle Entrate Desktop Telematico is an application from Agenzia delle Entrate, Italy, for checking, authenticating and sending documents. A security vulnerability exists in Agenzia delle Entrate Desktop Telematico version 1.0.0. The vulnerability stems from the program contactin...