CVE-2025-8376 code-projects Vehicle Management updatebal.php sql injection
A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...
PT-2025-31556 · Unknown · Code-Projects Vehicle Management
Name of the Vulnerable Software and Affected Versions: code-projects Vehicle Management version 1.0 Description: A critical issue exists in an unknown functionality of the file /filter.php. The manipulation of the from argument leads to SQL injection. The attack can be launched remotely. The...
CVE-2025-7410
A vulnerability was found in code-projects LifeStyle Store 1.0. It has been classified as critical. Affected is an unknown function of the file /cartremove.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...
PT-2025-26548 · Unknown · Code-Projects Online Bidding System
Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability has been found in the code-projects Online Bidding System. The issue is related to an unknown function of the file /bidlog.php, where the manipulation of th...
CVE-2023-49793
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...
CVE-2021-20671
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution...
CVE-2020-11713
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks...
CVE-2019-13203
Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or...
Monero 18.3.4 Denial of Service
Monero version 18.3.4 suffers from a memory exhaustion vulnerability. Hello, About an hour ago, a group appearing to be named WyRCV2 posted a note on the nostr social network, which can be found at the following link:...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)
Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...
CVE-2024-12359 code-projects Admin Dashboard vendor_management.php cross site scripting
A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploi...
Hanwha Vision NVR Remote Code Execution (CVE-2023-6116)
An attacker could inject arbitrary attack code by manipulating http url parameters. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to...
CVE-2024-30799
An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function...
CVE-2023-31036
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lea...
Siemens Solid Edge Buffer Overflow Vulnerability (CNVD-2024-01402)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. A buffer overflow vulnerability exists in Samsung Solid Edge, which can be exploited by an attacker to execute code in the context of th...
MGASA-2023-0297 Updated cadence packages fix security vulnerabilities
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. CVE-2023-43782 Cadence through 0.9.2 2023-08-21 uses...
Android Manifest Misconfiguration Leading to Task Hijacking
Description Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. This vulnerability applies to all Android versions before Android 11. Steps To Reproduce: 1. Victim installs malicious app 1. Victim starts...
CVE-2023-30789
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company parameter...
SUSE CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
CVE-2022-41143
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...