
249 matches found

CNNVD
added 2026/05/22 12:0 a.m., 3 views

Google Go Security Vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the unserialized constraints when adding keys. This vulnerability may lead to the...

CVSS 9.1, AI score 5.8, EPSS 0.00068
Exploits 0, References 5
EUVD
added 2026/04/13 3:30 a.m., 0 views

EUVD-2026-21778

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5, AI score 6.9, EPSS 0.00043
Exploits 0, References 6
NVD
added 2026/04/13 3:16 a.m., 0 views

CVE-2026-6152

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5, EPSS 0.00043
Exploits 0, References 5
Vulnrichment
added 2026/04/13 2:30 a.m., 1 views

CVE-2026-6152 code-projects Vehicle Showroom Management System StaffAddingFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5, AI score 6.9, EPSS 0.00043
Exploits 0, References 5
CVE
added 2026/04/13 2:30 a.m., 5 views

CVE-2026-6152

CVE-2026-6152 affects code-projects Vehicle Showroom Management System 1.0. The issue is in /util/StaffAddingFunction.php where manipulation of STAFF_ID leads to SQL injection. The attack is remotely exploitable, and the exploit has been publicly disclosed; no remediation details are provided in ...

CVSS 7.5, AI score 6.9, EPSS 0.00043
Exploits 0, References 5
Cvelist
added 2026/04/13 2:30 a.m., 29 views

CVE-2026-6152 code-projects Vehicle Showroom Management System StaffAddingFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5, EPSS 0.00043
Exploits 0, References 5
Positive Technologies
added 2026/04/13 12:0 a.m., 0 views

PT-2026-32228

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A SQL injection issue exists due to the processing of the STAFF ID argument in the /util/StaffAddingFunction.php file. This manipulation can be initiated remotely. The exploit has been...

CVSS 7.5, AI score 6.9, EPSS 0.00043
Exploits 0, References 9
CNNVD
added 2026/04/13 12:0 a.m., 1 views

Code-Projects Vehicle Showroom Management System SQL Injection Vulnerability

The Code-Projects Vehicle Showroom Management System is an open-source system for managing automobile showrooms developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from improper handling ...

CVSS 7.5, AI score 7.2, EPSS 0.00043
Exploits 0, References 5
NVD
added 2026/04/08 7:25 p.m., 2 views

CVE-2026-34722

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4...

CVSS 6.9, EPSS 0.00038
Exploits 0, References 1
EUVD
added 2026/04/08 6:13 p.m., 2 views

EUVD-2026-20562

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4...

CVSS 6.9, AI score 5.9, EPSS 0.00038
Exploits 0, References 1
CNNVD
added 2026/04/07 12:0 a.m., 3 views

production_ssm Security Vulnerability

production_ssm is an ERP system developed by MegaGao’s individual developers, utilizing technologies such as Spring+SpringMVC+Mybatis, along with jQuery EasyUI. Version 1.0 of production_ssm contains a security vulnerability. This vulnerability stems from the authorization bypass that occurs when...

CVSS 9.8, AI score 5.8, EPSS 0.00058
Exploits 0, References 1
CNNVD
added 2026/04/01 12:0 a.m., 3 views

CI4MS Cross-Site Scripting Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the improper handling of user input when adding articles to the navigation menu via the menu management feature...

CVSS 9.1, AI score 5.7, EPSS 0.0005
Exploits 1, References 2
EUVD
added 2026/03/21 3:33 p.m., 1 views

EUVD-2019-19856

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

CVSS 6.8, AI score 6.1, EPSS 0.00022
Exploits 1, References 4
NVD
added 2026/03/21 1:16 p.m., 1 views

CVE-2019-25546

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new shar...

CVSS 6.9, EPSS 0.00019
Exploits 1, References 3
EUVD
added 2026/03/02 3:48 p.m., 2 views

EUVD-2025-208174

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal fl...

CVSS 7.1, AI score 5.9, EPSS 0.00043
Exploits 1, References 3
Cvelist
added 2026/02/26 8:0 p.m., 18 views

CVE-2026-27152 Discourse has DM communication-preference bypass when adding members

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...

CVSS 5.3, EPSS 0.00047
Exploits 0, References 1
ATTACKERKB
added 2026/01/30 10:7 p.m., 3 views

CVE-2019-25232

NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client...

CVSS 9.8, AI score 6.3, EPSS 0.00018
Exploits 0, References 3, Affected Software 1
CVE
added 2026/01/23 3:24 p.m., 20 views

CVE-2026-22982

CVE-2026-22982 is a Linux kernel vulnerability in the net: mscc: ocelot driver. The issue causes a crash when adding an interface under a lag due to NULL pointer dereferences in the ocelot frontend (ocelot_vsc7514.c) where unused ports may be left as NULL. The fix updates the code to verify the p...

CVSS 5.5, AI score 5.2, EPSS 0.00023
Exploits 0, References 6, Affected Software 1
Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-46843)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46843 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only i...

CVSS 5.5, AI score 6.7, EPSS 0.00018
Exploits 0, References 2
OSV
added 2025/12/03 5:15 p.m., 1 views

CVE-2025-20389

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the...

CVSS 6.5, AI score 5.8, EPSS 0.00119
Exploits 0, References 1