CVE-2024-2622

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterpriseuuid leads to sql injection. It is...

EUVD-2025-15535

Malicious code in bioql PyPI...

CVE-2025-8498

A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the argument uname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly...

CVE-2025-6417

A vulnerability has been found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-artist.php. The manipulation of the argument awarddetails leads to sql injection. The attack can be launched...

CVE-2025-5157

The CVE-2025-5157 issue affects H3C SecCenter SMP-E1114P02 up to 20250513. It targets the function fileContent in /cfgFile/fileContent, where manipulating the filePath argument enables path traversal. The vulnerability is exploitable remotely and is classified as critical. The available documents...

CVE-2024-7853

A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/viewcategory. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...

CVE-2024-7069

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects some unknown processing of the file /employeegatepass/classes/Master.php?f=deletedepartment. The manipulation of the argument id leads to sql...

CVE-2023-4445

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2;=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The...

CVE-2025-3353

A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVE-2025-3333

A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menuupdate.php. The manipulation of the argument menu leads to sql injection. The attack can be launched...

CVE-2025-3039

A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addemployee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploi...

CVE-2025-2728 H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. ...

CVE-2025-2721

Removed by vendor...

CVE-2025-2707 zhijiantianya ruoyi-vue-pro Front-End Store Interface upload path traversal

A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path...

CVE-2025-2679 PHPGurukul Bank Locker Management System contact-us.php sql injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-1535

The CVE-2025-1535 entry relates to Baiyi Cloud Asset Management System version 8.142.100.161. A vulnerability exists in the file /wuser/admin.ticket.close.php where manipulating the ticket_id parameter causes an SQL injection. The issue is exploitable remotely, and the exploit has been disclosed ...

CVE-2025-0786 ESAFENET CDG appDetail.jsp sql injection

A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

CVE-2024-0497 Campcodes Student Information System sql injection

A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The...

Command injection

A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os...

Design/Logic Flaw

A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/applyvacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The...