86 matches found

OSV
added 2025/08/27 2:15 p.m. · 2 views

CVE-2025-9532

A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor...

8.8 CVSS · 7 AI score · 0.00093 EPSS
Exploits 1 · References 7
RedhatCVE
added 2025/08/16 3:31 a.m. · 5 views

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

8.8 CVSS · 7.7 AI score · 0.00092 EPSS
Exploits 1 · References 1
NVD
added 2025/08/09 11:15 p.m. · 3 views

CVE-2025-8784

A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionariovinculocad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack ca...

5.4 CVSS · 0.00233 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/08/09 12:23 a.m. · 5 views

CVE-2023-41527

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php...

9.8 CVSS · 8 AI score · 0.00241 EPSS
Exploits 0 · References 1
OSV
added 2025/08/07 6:15 p.m. · 2 views

CVE-2023-41527

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php...

9.8 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits 0 · References 2
OSV
added 2025/07/07 3:30 p.m. · 4 views

GHSA-2RHQ-96Q8-4VJQ LlamaIndex vulnerable to Path Traversal attack through its encode_image function

A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encode_image function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS · 7.3 AI score · 0.00443 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/03/27 12:0 a.m. · 6 views

CVE-2025-25686

semcms =5.0 is vulnerable to SQL Injection in SEMCMSFuction.php...

8.3 AI score · 0.00234 EPSS
Exploits 1 · References 1
OSV
added 2025/03/25 9:15 p.m. · 0 views

DEBIAN-CVE-2025-27834

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdffunc.c...

7.8 CVSS · 6.8 AI score · 0.00071 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/04 11:35 p.m. · 2 views

CVE-2024-48645

In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server...

7.5 CVSS · 6.8 AI score · 0.0015 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/21 12:0 a.m. · 1 views

Command Block IDE security vulnerability

Command Block IDE is a command line program for arm32x personal developers. A security vulnerability exists in Command Block IDE version 0.4.9 and earlier, which stems from a lack of authorization and allows any user to modify the function file used by the game when installed on a dedicated serve...

7.5 CVSS · 7 AI score · 0.0015 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/03/31 12:0 a.m. · 3 views

PT-2024-10839 · Discuzx · Discuzx

Name of the Vulnerable Software and Affected Versions: DiscuzX versions up to 3.4-20200818 Description: A problematic issue was found in the function show next step of the file upload/install/include/install function.php. The manipulation of the argument uchidden leads to cross-site scripting. It...

4 CVSS · 4.3 AI score · 0.00072 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/12/14 12:0 a.m. · 2 views

PT-2023-31587 · Semcms · Semcms

Name of the Vulnerable Software and Affected Versions: Semcms version 4.8 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the AID parameter at the SEMCMS Function.php file. Recommendations: For Semcms version 4.8, consider restricting access to the SEMC...

9.8 CVSS · 9.5 AI score · 0.00108 EPSS
Exploits 1 · References 4
OSV
added 2023/06/15 1:15 p.m. · 0 views

CVE-2023-3274

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btnfunctions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...

8.8 CVSS · 6.2 AI score
Exploits 0 · References 3
CNNVD
added 2023/02/13 12:0 a.m. · 2 views

playSMS security vulnerability

playSMS is an open source SMS (Short Message Service) management software from Anton Raharja, an individual developer in India. A security vulnerability exists in playSMS v1.4.5 and earlier versions, which stems from a type confusion vulnerability in component /auth/fn.php that can be exploited by ...

9.8 CVSS · 8.3 AI score · 0.00487 EPSS
Exploits 0 · References 3
Cvelist
added 2023/01/15 7:58 p.m. · 11 views

CVE-2018-25075 karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection

A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rathe...

4.6 CVSS · 10 AI score · 0.00619 EPSS
Exploits 0 · References 4
RedHat Linux
added 2022/07/28 4:6 p.m. · 4 views

mariadb: assertion failure in sql/item_func.cc

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component sql/item_func.cc:148, affecting availability...

7.5 CVSS · 7.3 AI score · 0.00244 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2022/03/10 5:46 p.m. · 4 views

CVE-2022-24608

Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sortadd.php and /inc/function.php...

6.1 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits 1 · References 2
OSV
added 2022/03/10 5:46 p.m. · 2 views

CVE-2022-24608

Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sortadd.php and /inc/function.php...

6.1 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2022/02/07 12:0 a.m. · 22 views

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14473)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

10 CVSS · 7.4 AI score · 0.42565 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2022/02/07 12:0 a.m. · 23 views

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14464)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

10 CVSS · 7.3 AI score · 0.36951 EPSS
Exploits 1 · References 3