CVE-2026-10185

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

EUVD-2026-33507

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

HD Tune Pro 安全漏洞

HD Tune Pro is a disk analysis tool developed by HD Tune Inc., used to test hard drive performance, health status, and detect errors. Version 5.70 of HD Tune Pro contains a security vulnerability. This vulnerability stems from a buffer overflow issue when submitting excessively long strings throu...

CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

Directory Traversal

AstrBot is vulnerable to Directory Traversal. The vulnerability is due to the handler function installpluginupload of the interface '/plugin/install-upload' parsing the filename from the request body provided by the user, and directly using the filename to assign to filepath without checking the...

CVE-2025-65602

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...

EUVD-2025-202628

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...

CVE-2025-65602

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...

CVE-2025-65602

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...

CVE-2025-65602

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...

CVE-2025-65602

ChanCMS v3.3.4 contains a template injection vulnerability in the /vip/v1/file/save API endpoint that enables arbitrary code execution via a crafted POST request. Affected component/file: /vip/v1/file/save in ChanCMS 3.3.4. Root cause: template injection allowing code execution, as described acro...

PT-2025-50489

Name of the Vulnerable Software and Affected Versions ChanCMS version 3.3.4 Description A template injection issue exists in the /vip/v1/file/save component. Attackers can execute arbitrary code by submitting a specially crafted POST request. The vulnerable component is the /vip/v1/file/save API...

CVE-2025-65602

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...

EUVD-2025-38262

AstrBot contains a directory traversal vulnerability...

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

EUVD-2010-4024

Malware in sbrugna...

EUVD-2021-12757

Malware in sbrugna...

CVE-2025-60020

nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...