Lucene search
K

277 matches found

Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.14 views

PT-2026-7023

Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A security flaw exists in itsourcecode School Management System 1.0. The issue involves SQL injection stemming from the manipulation of the ID argument within an unknown function of...

9.8CVSS5.4AI score0.00381EPSS
Exploits1References9
NVD
NVD
added 2026/02/06 1:15 p.m.8 views

CVE-2026-2018

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

9.8CVSS0.00326EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/06 12:2 p.m.30 views

CVE-2026-2018 itsourcecode School Management System controller.php sql injection

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

7.5CVSS0.00326EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/06 8:32 a.m.33 views

CVE-2026-2011 itsourcecode Student Management System controller.php sql injection

A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public...

7.5CVSS0.00326EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Ziroom ZHOME A0101 命令注入漏洞

Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a command injection vulnerability. This vulnerability stems from the improper handling of the parameter “macType” in the “macAddrClone” function within the file...

7.5CVSS7.1AI score0.03335EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 11:32 p.m.5 views

CVE-2026-1551 itsourcecode School Management System controller.php sql injection

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

6.5CVSS5.8AI score0.0037EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:32 p.m.6 views

CVE-2026-1551

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

6.5CVSS5.8AI score0.0037EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/26 7:2 p.m.14 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

3.1CVSS6.5AI score0.00245EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.7 views

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

8.8CVSS7.9AI score0.0203EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 9:31 p.m.4 views

EUVD-2025-202723

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

7.3AI score0.02666EPSS
Exploits1References4
OSV
OSV
added 2025/12/11 7:15 p.m.4 views

CVE-2025-56127

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the getwanobj in file /usr/lib/lua/luci/controller/admin/common.lua...

8.8CVSS6.1AI score0.02742EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.3 views

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for networksetwanconf in the file /usr/lib/lua/luci/controller/admin/netport.lua, whi...

8.8CVSS6.9AI score0.02666EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.3 views

CVE-2025-56111

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

7.5AI score0.02666EPSS
Exploits1References3
CVE
CVE
added 2025/12/10 4:50 p.m.34 views

CVE-2025-67637

CVE-2025-67637 affects Jenkins 2.540 and earlier, and LTS 2.528.2 and earlier. The issue is that build authorization tokens are stored unencrypted in job config.xml on the Jenkins controller, making them viewable by users with Item/Extended Read permission or with access to the controller filesys...

4.3CVSS6.3AI score0.00153EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/11/20 12:0 a.m.2 views

Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally-entered SQL statements in the file /subject/controller.php. An attacker c...

9.8CVSS8.2AI score0.00339EPSS
Exploits1References1
CNVD
CNVD
added 2025/11/20 12:0 a.m.4 views

Web-Based Internet Laboratory Management System controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. The Web-Based Internet Laboratory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file /course/controller.php. An attacker...

9.8CVSS8.3AI score0.00339EPSS
Exploits1References1
CNVD
CNVD
added 2025/11/20 12:0 a.m.4 views

Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...

9.8CVSS8.2AI score0.00339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/18 9:6 p.m.15 views

CVE-2025-13301

A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...

9.8CVSS6.9AI score0.00339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/18 9:6 p.m.14 views

CVE-2025-13299

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...

9.8CVSS7AI score0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/17 9:2 p.m.3 views

CVE-2025-13301 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS7.2AI score0.00339EPSS
Exploits1References5
Rows per page
Query Builder