88 matches found

Vulnrichment
added 2025/11/10 3:32 a.m. · 3 views

CVE-2025-12929 SourceCodester Survey Application System LoginRegistration.php update_user sql injection

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...

7.5 CVSS · 7.1 AI score · 0.00032 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-24618

Malicious code in bioql PyPI...

6.1 CVSS · 6.4 AI score · 0.00215 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-33700

Malicious code in bioql PyPI...

6.1 CVSS · 6.4 AI score · 0.00768 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/05/25 12:0 a.m. · 2 views

PT-2025-22855 · Unknown · Seeyon Zhiyuan Oa Web Application System

Name of the Vulnerable Software and Affected Versions: Seeyon Zhiyuan OA Web Application System versions up to 8.1 SP2 Description: A critical vulnerability has been found in the Seeyon Zhiyuan OA Web Application System. This issue affects the this.oursNetService.getData function of the...

6.5 CVSS · 6.2 AI score · 0.00173 EPSS
Exploits 0 · References 8

RedhatCVE
added 2025/05/23 1:15 a.m. · 4 views

CVE-2022-29359

A stored cross-site scripting XSS vulnerability in /scas/?page=clubs/applicationform=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...

6.1 CVSS · 5.6 AI score · 0.00768 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 11:30 p.m. · 3 views

CVE-2022-1287

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=saveuser. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not requir...

9.8 CVSS · 7 AI score · 0.00342 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/11 4:0 a.m. · 7 views

CVE-2025-4529 Seeyon Zhiyuan OA Web Application System ZIP File M3CoreController.class download path traversal

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file...

5.3 CVSS · 6.9 AI score · 0.00426 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/04/28 4:0 a.m. · 7 views

CVE-2025-4000 Seeyon Zhiyuan OA Web Application System ssoproxy.jsp cross site scripting

A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name leads to cross site...

5.1 CVSS · 3.8 AI score · 0.00172 EPSS
Exploits 0 · References 4

CVE
added 2025/04/23 4:47 p.m. · 45 views

CVE-2025-2762

CVE-2025-2762 affects CarlinKit CPC200-CCPA. The flaw is due to misconfiguration of the SoC hardware root of trust, enabling local privilege escalation and the execution of arbitrary code in the boot context once an attacker gains low-privilege code execution. Reported details indicate the vulner...

7.8 CVSS · 7.3 AI score · 0.00093 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/11/07 12:0 a.m. · 16 views

CVE-2024-50766

SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter...

8.1 AI score · 0.00507 EPSS
Exploits 1 · References 1

Citrix
added 2023/07/12 12:0 a.m. · 9 views

Published apps and desktop shows error "The user name and password is incorrect"

The user name or password is incorrect at System.Security.Principal.WindowsIdentity.KerbS4ULogonString upn, SafeAccessTokenHandle& safeTokenHandle at System.Security.Principal.WindowsIdentity..ctorString sUserPrincipalName, String type at System.Security.Principal.WindowsIdentity..ctorString...

7.3 AI score
Exploits 0

Prion
added 2023/04/07 11:15 p.m. · 14 views

Cross site scripting

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

3.3 CVSS · 6 AI score · 0.00208 EPSS
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2022/10/08 12:0 a.m. · 23 views

Zyxel CloudCNM SecuManager Hardcoding Vulnerability

Zyxel ZyXEL CloudCNM SecuManager is a set of network management software from Zyxel, Taiwan, China. Zyxel CloudCNM SecuManager ejabberd has a hard-coded vulnerability that can be exploited by remote attackers to submit special requests for unauthorized access to the application system...

5.1 AI score · 0.00111 EPSS
Exploits 1 · Affected Software 2

Huntr
added 2022/08/06 3:31 p.m. · 16 views

Unauthenticated Path Traversal

Description: An unauthenticated user can read and download files of the application system by abusing the filename parameter of the /api/image/cover-upload endpoint, which is not properly sanitized. Proof of Concept: 1 - Send the following request, where the filename has the relative path of the targ...

1.7 AI score
Exploits 0

Prion
added 2022/05/25 1:15 a.m. · 10 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in /scas/?page=clubs/applicationform&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...

4.3 CVSS · 5.8 AI score · 0.00768 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/05/24 11:44 p.m. · 13 views

CVE-2022-29359

A stored cross-site scripting XSS vulnerability in /scas/?page=clubs/applicationform&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...

6 AI score · 0.00768 EPSS
Exploits 1 · References 2

CVE
added 2022/05/24 11:44 p.m. · 62 views

CVE-2022-29359

CVE-2022-29359 affects School Club Application System v0.1. It describes a stored XSS vulnerability in /scas/?page=clubs/application_form&id=7 (or id=7) where an attacker can inject a crafted payload via the firstname parameter to execute arbitrary web scripts/HTML. The issue is confirmed across ...

6.1 CVSS · 5.8 AI score · 0.00768 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2022/04/09 8:15 p.m. · 8 views

CVE-2022-1288

A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert1%3E leads to a reflected cross site scripting. The atta...

6.1 CVSS · 0.00215 EPSS
Exploits 0 · References 1

NVD
added 2022/04/09 8:15 p.m. · 8 views

CVE-2022-1287

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=saveuser. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not requir...

9.8 CVSS · 0.00342 EPSS
Exploits 0 · References 1

Prion
added 2022/04/09 8:15 p.m. · 10 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert1%3E leads to a reflected cross site scripting. The atta...

4.3 CVSS · 6 AI score · 0.00215 EPSS
Exploits 0 · References 1 · Affected Software 1