RHEL 9 : doxygen (RHSA-2025:1329)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1329 advisory. Doxygen can generate an online class browser in HTML and/or a reference manual in LaTeX from a set of documented source files. The documentation is...
CVE-2025-0461 Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal
A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&miniproconsttype=1&relatedmodule=Singin...
CVE-2024-11649 1000 Projects Beauty Parlour Management System search-appointment.php sql injection
A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to SQL injection. The attack can be initiated...
Low: binutils security update
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: heap-based buffer...
CVE-2024-10735 Project Worlds Life Insurance Management System editNominee.php sql injection
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nomineeid leads to SQL injection. The attack can be initiated remotely. The...
CVE-2024-8867
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross-site scripting. The attack can be...
CVE-2024-8867
CVE-2024-8867 affects Perfex CRM 3.1.6. The vulnerability exists in an unknown portion of the code path related to the Parameter Handler, specifically file application/controllers/Clients.php, where manipulation of the message argument enables cross-site scripting (XSS). The attack is possible re...
CVE-2024-8417 云课网络科技有限公司 Yunke Online School System videobind.html sensitive information in source
A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html. The manipulation leads to inclusion of sensitive information in source code. The attack can be...
CVE-2024-8417
The CVE-2024-8417 entry concerns Yunke Online School System (versions up to 1.5.5). A flaw in the /admin/educloud/videobind.html component can cause sensitive information to be included in the source code. Exploitation is remote with high attack complexity and no user interaction required, and th...
CVE-2024-7496
CVE-2024-7496 concerns itsourcecode’s Airline Reservation System v1.0. The issue is a remote file inclusion caused by manipulating the page argument in /index.php, as described by multiple sources. The vulnerability is rated with high impact across confidentiality, integrity, and availability (pe...
CVE-2024-6181 LabVantage LIMS cross site scripting
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. The manipulation of the argument height/width leads to cross site...
CVE-2024-35359
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Master.php?f=viewitem. Manipulating the argument id can result in SQL injection...
CVE-2024-35353
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id can result in improper authorization...
CVE-2024-35350
The CVE-2024-35350 entry concerns Diño Physics School Assistant v2.3. A SQL injection vulnerability exists in the code handling the endpoint /admin/?page=borrow/view_borrow, triggered by manipulating the id parameter. Affected component is the admin borrow viewing logic; root cause is unvalidated...
CVE-2024-35345
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting...
CVE-2024-35354
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Master.php?f=savecategory. Manipulating the argument id can result in SQL injection...
CVE-2024-35352
Diño Physics School Assistant 2.3 is affected by a cross-site scripting (XSS) vulnerability in the code path /classes/Users.php?f=save. The issue is triggered by manipulating the middlename parameter, enabling XSS as described in multiple sources. CVSS 3.1 metrics indicate NETWORK attack vector w...
CVE-2024-5360
PHPGurukul Zoo Management System 2.1 contains a SQL injection in /admin/foreigner-bwdates-reports-details.php via the fromdate parameter. The vulnerability allows remote exploitation and has been publicly disclosed. Several sources corroborate impact and scope but do not provide an available fix/...
CVE-2015-10132
A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross-site scripting. The attack can be initiated...