
123 matches found

CVE
added 2025/03/23 1:31 a.m. | 60 views

CVE-2025-2638

CVE-2025-2638 affects JIZHICMS up to v1.7.0. The vulnerability resides in the Article Handler’s /user/release.html endpoint, where manipulating the ishot argument (e.g., input 1) leads to improper authorization. Exploitation can be performed remotely, and public disclosures exist. Multiple connec...

CVSS 5.3 | AI score 4.8 | EPSS 0.00101
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/03/17 10:0 p.m. | 18 views

CVE-2025-2419 code-projects Real Estate Property Management System InsertFeedback.php sql injection

A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It is possible to...

CVSS 6.5 | AI score 7.4 | EPSS 0.00143
Exploits: 1 | References: 5

Cvelist
added 2025/03/07 3:0 a.m. | 9 views

CVE-2025-2061 code-projects Online Ticket Reservation System passenger.php cross site scripting

A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...

CVSS 5.3 | EPSS 0.00135
Exploits: 1 | References: 5

Cvelist
added 2025/03/07 1:0 a.m. | 10 views

CVE-2025-2057 PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 7.5 | EPSS 0.00034
Exploits: 1 | References: 5

CNVD
added 2025/02/17 12:0 a.m. | 10 views

Unspecified Vulnerability in Google Chrome (CNVD-2025-03649)

Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that can be exploited by attackers to cause phishing attacks that spoof users...

CVSS 5.4 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 4:58 a.m. | 3 views

CVE-2024-10991

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploi...

CVSS 9.8 | AI score 7.4 | EPSS 0.00106
Exploits: 1 | References: 1

NVD
added 2025/01/15 9:15 p.m. | 6 views

CVE-2025-0487

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/catedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00109
Exploits: 1 | References: 5

CNVD
added 2024/12/13 12:0 a.m. | 8 views

Adobe Connect Access Control Error Vulnerability (CNVD-2025-02843)

Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect has an Access Control Error vulnerability that stems from the inclusion of an improper access control. An attacker could exploit the vulnerability to cause a security feature bypas...

CVSS 4.3 | AI score 6.7 | EPSS 0.00251
Exploits: 0 | References: 1

OSV
added 2024/11/19 5:15 a.m. | 9 views

CVE-2024-21539

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 2

CNVD
added 2024/10/23 12:0 a.m. | 8 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-42451)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...

CVSS 4.9 | AI score 6 | EPSS 0.00271
Exploits: 0 | References: 1

Cvelist
added 2024/10/19 11:31 a.m. | 15 views

CVE-2024-10135 ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...

CVSS 6.5 | EPSS 0.00097
Exploits: 1 | References: 4

Cvelist
added 2024/10/10 1:31 p.m. | 11 views

CVE-2024-9787 Contemporary Control System BASrouter BACnet BASRT-B UDP Packet denial of service

A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit...

CVSS 6.9 | EPSS 0.00133
Exploits: 0 | References: 4

NVD
added 2024/10/07 3:15 p.m. | 9 views

CVE-2024-9569

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely...

CVSS 9 | EPSS 0.0036
Exploits: 1 | References: 5

CNVD
added 2024/08/06 12:0 a.m. | 5 views

Apache Linkis Elevation of Privilege Vulnerability

Apache Linkis is a middleware product of the U.S.-based Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An elevation of privilege vulnerability exists in Apache Linkis, which can be exploited by an attacker to gain...

CVSS 8.8 | AI score 6.9 | EPSS 0.0045
Exploits: 0 | References: 1

CNNVD
added 2024/07/23 12:0 a.m. | 2 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation of Fullscreen. An attacker can exploit the vulnerability to bypass security restrictions...

CVSS 8.8 | AI score 6.6 | EPSS 0.00126
Exploits: 0 | References: 5

CNNVD
added 2024/06/20 12:0 a.m. | 1 view

Absolute Secure Access Security Vulnerability

Absolute Secure Access is an application from Absolute, Inc. that provides Secure Service Edge (SSE) optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.06. An attacker exploited the vulnerability resulting in a significant...

CVSS 4.5 | AI score 6.7 | EPSS 0.00186
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/06 10:31 p.m. | 10 views

CVE-2024-1262 Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument picurl leads to unrestricted...

CVSS 6.5 | AI score 7.2 | EPSS 0.00077
Exploits: 0 | References: 3

Vulnrichment
added 2024/01/04 9:15 a.m. | 4 views

CVE-2022-2081

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to...

CVSS 7.5 | AI score 7.5 | EPSS 0.00155
Exploits: 0 | References: 1

CNNVD
added 2023/11/14 12:0 a.m. | 1 view

Intel Smart Campus Android application security vulnerability

Intel Smart Campus Android application is an application from Intel Corporation USA. A security vulnerability exists in the Intel Smart Campus Android application. An attacker could cause a denial of service by exploiting this vulnerability...

CVSS 7.8 | AI score 6.7 | EPSS 0.00043
Exploits: 0 | References: 3

CNNVD
added 2023/11/03 12:0 a.m. | 1 view

FRRouting FRR Security Vulnerabilities

FRRouting FRR is a suite of software that implements and manages various IPv4 and IPv6 routing protocols. A security vulnerability exists in FRRouting FRR version 9.0.1 and earlier versions. An attacker could exploit this vulnerability to cause a system crash...

CVSS 7.5 | AI score 6.6 | EPSS 0.00191
Exploits: 0 | References: 3