19038 matches found
EUVD-2026-4979
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-1551 itsourcecode School Management System controller.php sql injection
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-1551 itsourcecode School Management System controller.php sql injection
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-1551
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-1549 jishenghua jshERP PluginController uploadPluginConfigFile path traversal
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...
CVE-2026-22039
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...
CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
EUVD-2020-30879
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
CVE-2020-36972
CVE-2020-36972 affects SmartBlog 2.0.1. The details controller’s id_post parameter is vulnerable to blind SQL injection, allowing an attacker to extract database information by character-by-character comparison via crafted SQL queries. This is the core vulnerability described across multiple sour...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2020-36987
Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...
CVE-2020-36987 Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path
Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...
CVE-2020-36987
CVE-2020-36987 affects Program Access Controller 1.2.0.0. The unquoted service path vulnerability is in PACService.exe and can be triggered during system startup or reboot to inject and run malicious executables with LocalSystem privileges. Root cause: unquoted service path allowing privilege esc...
kernel: KVM: arm64: Tear down vGIC on failed vCPU creation
A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...
SmartBlog security vulnerabilities
SmartBlog is a blog module developed by Muhammad Arifur Rahman. Version 2.0.1 of SmartBlog has a security vulnerability, which stems from blind SQL injection in the details controller’s idpost parameter, potentially allowing access to database information...
PT-2026-5238
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...