CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

CVE-2019-25732

CVE-2019-25732 affects PHP EI-Tube Script 3. The vulnerability is an SQL injection in the search parameter that allows unauthenticated attackers to send crafted GET requests to the search endpoint to extract sensitive data (usernames, passwords, version details). Root cause is improper handling/e...

CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

CVE-2019-25732

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

PT-2026-46202

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fixed the element length in servreglocpfrreqei. The element length declared in servreglocpfrreqei does not match the reason field of servreglocpfrreq. This caused a decoding error during PD crashes. In the...

@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +121 more potentially affected by unknown CVE via @tanstack/start-storage-context (>=1.121.0-alpha.28 <=1.166.4)

@tanstack/start-storage-context NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3492...

CVE-2026-43108

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

@astrojs/cloudflare (>=13.0.0 <=14.0.0-alpha.0), @decocms/vite-plugin (>=1.0.0-alpha.1 <=1.0.0-alpha.2) +39 more potentially affected by CVE-2025-59427 via @cloudflare/vite-plugin (>=0.0.0-1bae8618b <=1.36.3)

@cloudflare/vite-plugin NPM version =0.0.0-1bae8618b, =13.0.0, =1.0.0-alpha.1, =0.1.0, =0.0.9, =1.0.0, =1.0.0, =1.0.0, =0.3.0, =0.2.2, =0.0.1, =0.1.0, =0.0.0-0d2e556, =0.0.1, =0.1.13 and more Source cves: CVE-2025-59427 Source advisory: OSV:GHSA-4PFG-2MW5-F8JX...

SUSE CVE-2024-39470

In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfsfindevents In function eventfsfindevents,there is a potential null pointer that may be caused by calling updateeventsattr which will perform some operations on the member...

DEBIAN-CVE-2024-39470

In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfsfindevents In function eventfsfindevents,there is a potential null pointer that may be caused by calling updateeventsattr which will perform some operations on the member...

EI Tube YouTube API 3 SQL Injection

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

CVE-2022-39810

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be...

Hpe FlexNetwork 5130 Ei Switch Series 安全漏洞

Hpe FlexNetwork 5130 Ei Switch Series is a series of switches from Hpe USA. A security vulnerability exists in the Hpe FlexNetwork 5130 Ei Switch Series version that originates from a local buffer overflow...

CVE-2020-36472

An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander types that they contain...

CVE-2020-11885

WSO2 Enterprise Integrator 6.6.0 and earlier has an XXE vulnerability that can be triggered by a user with admin console access through the XML validator to cause unintended network invocations (e.g., SSRF) via an uploaded file. Root cause involves XML processing within the validator; exposed imp...

dveri-ei-60.ru Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1078757 Security Researcher geeknik Helped patch 8826 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting dveri-ei-60.ru website and...

SQL Injection Vulnerability in Xinkao Online Marking System of Hebei Xinkao Education Technology Co.

Hebei Xinkao Education Technology Co., Ltd. is a professional high-tech enterprise dedicated to the informatization of educational applications, and has developed the Campus Card Management System, Xinkao Online Marking System and Home-School Interconnection System. Hebei Xinkao Education...