6 matches found
CVE-2025-60318
CVE-2025-60318 affects SourceCodester Pet Grooming Management Software 1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw in /admin/profile.php exploitable via fname and lname fields, as confirmed across multiple feeds (NVD/Red Hat/CNNVD). Underlying issue: insufficient input validation/...
EUVD-2021-29213
Malicious code in bioql PyPI...
CVE-2022-28866
Multiple improper access control issues were discovered in Nokia AirFrame BMC Web GUI R18 Firmware v4.13.00. It does not properly validate requests for access to or editing of data and functionality in all endpoints under /settings/ and /api/settings/. By not verifying the permissions for access to...
Improper access control
Multiple improper access control issues were discovered in Nokia AirFrame BMC Web GUI R18 Firmware v4.13.00. It does not properly validate requests for access to or editing of data and functionality in all endpoints under /settings/ and /api/settings/. By not verifying the permissions for access to...
CVE-2021-42235
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality...
CVE-2021-42235
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality...