1762 matches found
EUVD-2018-21675
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...
CVE-2026-22732
A flaw was found in Spring Security. When applications using Spring Security specify HTTP response headers for servlet applications, these headers may not be written. This can lead to a bypass of security policies or information disclosure, potentially allowing an attacker to gain unauthorized...
CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...
CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...
PT-2026-24834
CVE-2026-2368 An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute… https://t.co/M7UelXEVSF...
EUVD-2026-10508
Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70033
CVE-2025-70033 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-79: Improper Neutralization of Input During Web Page Generation in Sunbird-Ed’s portal. CVSSv3.1 base: 5.4 (MEDIUM) with Network attack vector, Low confidentiality and integrity impact, no availability impact; user inter...
CVE-2026-27996
CVE-2026-27996 (WordPress Lingvico theme <= 1.0.14) is a Local File Inclusion (LFI) vulnerability caused by improper control of include/require filenames in PHP. Affected software is ThemeREX Lingvico Lingvico (WordPress theme) versions up to and including 1.0.14. The NVD entry and Red Hat/CVE...
CVE-2026-27988
CVE-2026-27988 describes an unauthenticated Local File Inclusion in the WordPress ThemeREX Equadio theme (Equadio) <= 1.1.3, caused by improper control of the filename used in Include/Require. The vulnerability could allow an attacker to access local files on the server. Public sources in the ...
PT-2026-22825
A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...
CVE-2026-26702
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitemreuse.php...
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2025-71248
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...
CVE-2019-25390
CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...
CVE-2019-25311
The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...
CVE-2025-7799
CVE-2025-7799 describes a Reflected XSS vulnerability in Zirve Information Technologies Inc.’s E-Taxpayer Accounting Website (through 07082025). The issue stems from improper input neutralization during web page generation, enabling attacker-supplied input to be reflected back to the user in the ...
CVE-2026-2116
A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...