162 matches found

CNNVD
added 2026/06/10 12:0 a.m. | 8 views

Splunk Cloud Platform and Splunk Enterprise Input Validation Error Vulnerability

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

CVSS 5.7 | AI score 5.4 | EPSS 0.00247
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:19 p.m. | 6 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft...

CVSS 8.8 | AI score 5.3 | EPSS 0.00257
Exploits 0 | References 1

CNNVD
added 2026/05/09 12:0 a.m. | 8 views

EZVIZ APP Security Vulnerability

EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00088
Exploits 1 | References 1

CNNVD
added 2026/04/15 12:0 a.m. | 7 views

WordPress plugin WCFM Marketplace Security Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...

CVSS 7.6 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 1

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32895

Name of the Vulnerable Software and Affected Versions: Radware Alteon vADC load-balancer version 34.5.4.0. Description: A Reflected Cross-Site Scripting (XSS) issue allows an attacker to inject malicious scripts into the website. This can lead to unauthorized actions, data theft, or other malicious...

CVSS 6.1 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 5

RedhatCVE
added 2026/04/01 10:58 a.m. | 1 views

CVE-2025-41357

Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

CVSS 5.1 | AI score 6 | EPSS 0.00194
Exploits 0 | References 1

CNVD
added 2026/03/31 12:0 a.m. | 1 views

HCL Aftermarket DPC Cross-Origin Resource Sharing Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a cross-origin resource sharing vulnerability that can be exploited by an attacker to steal sensitive data or perform actions as a legitimate user...

CVSS 4.3 | AI score 5.9 | EPSS 0.0018
Exploits 0

CNVD
added 2026/03/19 12:0 a.m. | 2 views

HCL AION SQL Injection Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

CVSS 9.8 | AI score 6 | EPSS 0.00281
Exploits 0 | References 1

CNNVD
added 2026/03/04 12:0 a.m. | 5 views

Nozomi Networks Arc Trust Management Issue Vulnerability

Nozomi Networks Arc is an endpoint detection and response proxy software developed by Nozomi Networks, Inc. Nozomi Networks Arc has a vulnerability related to trust management. This vulnerability arises from the lack of server certificate verification during the Arc agent’s connection process. It...

CVSS 6.5 | AI score 5.8 | EPSS 0.00111
Exploits 0 | References 1

Vulnrichment
added 2025/12/15 8:28 p.m. | 2 views

CVE-2023-53877 Bus Reservation System 1.1 Multiple SQL Injection via pickup_id Parameter

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

CVSS 9.3 | AI score 7.3 | EPSS 0.00385
Exploits 1 | References 3

CNVD
added 2025/12/10 12:0 a.m. | 3 views

FreePBX SQL Injection Vulnerability (CNVD-2025-3038208)

FreePBX (formerly known as Asterisk Management Portal) is a set of tools from the FreePBX project for configuring the Asterisk IP telephony system through a web-based graphical interface. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...

CVSS 8.6 | AI score 8.3 | EPSS 0.00238
Exploits 0 | References 1

CNNVD
added 2025/12/01 12:0 a.m. | 3 views

Sanoma Clickedu Cross-Site Scripting Vulnerability

Sanoma Clickedu is a comprehensive education management software platform from the Finnish company Sanoma. A cross-site scripting vulnerability exists in Sanoma Clickedu, which stems from reflected cross-site scripting in /students/carpetesvaries.php, which could lead to the execution of maliciou...

CVSS 4.8 | AI score 6.3 | EPSS 0.00243
Exploits 0 | References 1

CNNVD
added 2025/11/24 12:0 a.m. | 2 views

Code-Projects Library System SQL Injection Vulnerability

Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...

CVSS 9.8 | AI score 8.2 | EPSS 0.00326
Exploits 1 | References 6

CNVD
added 2025/11/20 12:0 a.m. | 2 views

School Fees Payment Management System /ajax.php?action=login File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement for the parameter Username in the file...

CVSS 9.8 | AI score 6 | EPSS 0.00339
Exploits 1 | References 1

CNVD
added 2025/11/20 12:0 a.m. | 3 views

Courier Management System add-new-officer.php File SQL Injection Vulnerability

Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ManagerName in the file /add-new-officer.php. An attacker can exploit this...

CVSS 9.8 | AI score 5.9 | EPSS 0.00333
Exploits 1 | References 1

CNVD
added 2025/11/20 12:0 a.m. | 5 views

School Fees Payment Management System /ajax.php File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

CVSS 8.8 | AI score 6 | EPSS 0.0027
Exploits 1 | References 1

CNVD
added 2025/11/20 12:0 a.m. | 3 views

School Fees Payment Management System /ajax.php?action=save_student file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

CVSS 9.8 | AI score 6 | EPSS 0.00282
Exploits 1 | References 1

CNVD
added 2025/11/18 12:0 a.m. | 5 views

Student Record Management System login.php File SQL Injection Vulnerability

Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...

CVSS 6.5 | AI score 8.4 | EPSS 0.0021
Exploits 1 | References 1

CNVD
added 2025/11/11 12:0 a.m. | 2 views

Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS 6.5 | AI score 8.4 | EPSS 0.00254
Exploits 0 | References 1

Veracode
added 2025/10/30 4:42 a.m. | 5 views

Improper Input Validation

Dragonfly is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in the gRPC and HTTP APIs, which allows an attacker to send crafted requests that create or read arbitrary files on a peer’s system, leading to data theft and potential remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.0068
Exploits 0 | References 5 | Affected Software 2