39 matches found
CVE-2025-6817
The CVE affects HDF5 1.14.6, specifically the H5C__load_entry function in /src/H5Centry.c. The issue is a resource consumption exploit triggered by local access, with public disclosure of the exploit. The connected sources describe the vulnerability without providing patch/version details or reme...
CVE-2025-6315
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cart2.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-5976
A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The...
CVE-2025-5758
A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-5732
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
CVE-2024-3321
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2024-11130
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2020-36525
A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4867
The CVE-2025-4867 entry concerns Tenda A15 (firmware version 15.13.07.13). The vulnerability lies in the function formArpNerworkSet within the file /goform/ArpNerworkSet, where manipulation leads to a denial of service. Exploitation can be remote and the exploit has been disclosed publicly. Multi...
CVE-2025-2926
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
CVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
CVE-2025-2756 Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to...
CVE-2025-2638 JIZHICMS Article release.html improper authorization
A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiat...
CVE-2025-0948
CVE-2025-0948 affects the itsourcecode Tailoring Management System 1.0. A vulnerability in the file incview.php, via the incid parameter, enables SQL injection that can be triggered remotely. Public exploit information exists according to the sources. Affected component is the incview.php code pa...
CVE-2024-10378 ESAFENET CDG CDGRenewApplicationService.java actionViewCDGRenewFile sql injection
A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the...
CVE-2024-7849
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-...
CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2024-6374 lahirudanushka School Management System Subject Page subject.php cross site scripting
A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site...
CVE-2023-1482 HkCms External Plugin code injection
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack...