133 matches found
CVE-2025-5608
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has...
CVE-2025-5780
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /viewdental.php. The manipulation of the argument itrno leads to sql injection. The attack may be launched remotely. The...
CVE-2025-5566
CVE-2025-5566 pertains to PHPGurukul Notice Board System 1.0, where the argument searchdata in the file /search-notice.php can be manipulated to trigger an SQL injection. The vulnerability is exploitable remotely and has been publicly disclosed. The available sources describe an(SQL) injection vu...
USN-7517-3: Linux kernel (BlueField) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...
CVE-2025-0730
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usraccountset.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...
CVE-2023-5285
A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...
CVE-2019-5252
There is an improper authentication vulnerability in Huawei smartphones Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro. The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant...
CVE-2019-3579
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter...
CVE-2008-4930
MyBB aka MyBulletinBoard 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing....
PT-2025-21807 · Unknown · Project Worlds Student Project Allocation System
Name of the Vulnerable Software and Affected Versions: projectworlds Student Project Allocation System version 1.0 Description: A critical vulnerability has been found in the projectworlds Student Project Allocation System. This issue affects the file /make group sql.php and is related to SQL...
Microsoft Windows Kernel 数字错误漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. A security vulnerability exists in Microsoft Windows Kernel. An attacker could exploit this vulnerability to obtain sensitive information...
CVE-2025-4554
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-passreports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiat...
CVE-2025-4533 JeecgBoot Document Library Upload zip unzipFile resource consumption
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4504 SourceCodester Online College Library System index.php sql injection
A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2025-4451 D-Link DIR-619L formSetWAN_Wizard52 buffer overflow
A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWANWizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about thi...
CVE-2025-4331
CVE-2025-4331 affects SourceCodester Online Student Clearance System 1.0. The vulnerability is an SQL injection in the /Admin/login.php handler caused by improper manipulation of input parameters (username/password/id), enabling remote exploitation. The vulnerability is publicly disclosed and des...
CVE-2025-4304
A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploi...
CVE-2025-4263 PHPGurukul Online DJ Booking Management System booking-search.php sql injection
A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotel...
CVE-2025-4213 PHPGurukul Online Birth Certificate System search.php sql injection
A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit...