11 matches found
CVE-2025-57389
A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0...
CVE-2025-57389
A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0...
@andrewzagorski/admin (>=4.25.19-patch.1 <=4.25.19-patch.3), @applitools/autonomous-lib (>=1.3.4 <=4.0.251-beta.0) +147 more potentially affected by CVE-2025-9960 via is-localhost-ip (>=1.4.0 <=3.0.1)
is-localhost-ip NPM version =1.4.0, =4.25.19-patch.1, =1.3.4, =2.3.7, =1.0.0, =1.2.11, =0.5.1, =1.0.6, =1.0.0, =1.13.7, =1.0.0, =3.30.0, =4.22.1, =1.14.0, =1.14.1, =1.14.1, =1.31.7 and more Source cves: CVE-2025-9960 Source advisory: SNYK:JS-ISLOCALHOSTIP-13004668...
CVE-2025-8967 itsourcecode Online Tour and Travel Management System packages.php SQL injection
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to SQL injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-8967
The CVE-2025-8967 entry concerns itsourcecode Online Tour and Travel Management System 1.0. A SQL injection flaw exists in the file /admin/operations/packages.php, caused by manipulating the pname argument in an unknown function. This vulnerability allows remote exploitation (attack vector: netwo...
CVE-2022-35421
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php...
Online Tours And Travels Management System SQL injection vulnerability
Online Tours And Travels Management System is an online travel management system by Carlo Montero, an individual developer. A security vulnerability exists in Online Tours And Travels Management System v1.0, which can be exploited by an attacker to perform SQL injection using the pname parameter ...
CVE-2021-38366
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...
CVE-2021-38366
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...
Sitecore code issue vulnerability
Sitecore is an online marketing content management system (CMS) from Sitecore, Denmark. The system supports content editing, multilingualism, multi-site deployment, digital asset management, etc. A security vulnerability exists in Sitecore 10.1 and earlier versions, which allows remote authenticate...
CVE-2020-5787
Relative Path Traversal in Teltonika firmware TRB2R00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action...