25 matches found

CNNVD
added 2026/05/18 12:0 a.m. · 4 views

Projectworlds Hospital Management System Injection Vulnerability

Projectworlds Hospital Management System is a hospital management system developed by the Austrian company Projectworlds. Version 1.0 of the Projectworlds Hospital Management System has a SQL injection vulnerability. This vulnerability arises from the function getAllPatientDetail in the GET...

CVSS 7.5 · AI score 7.2 · EPSS 0.00039
Exploits 0 · References 1
EUVD
added 2026/04/24 5:50 a.m. · 2 views

EUVD-2026-25396

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service...

CVSS 9.8 · AI score 6 · EPSS 0.00021
Exploits 0 · References 1
Snyk
added 2026/04/08 12:5 a.m. · 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the /api/resources endpoint, bypassing the intended download permission...

CVSS 7.5 · AI score 5.8 · EPSS 0.00043
Exploits 1 · References 2
NVD
added 2026/04/07 5:16 p.m. · 1 views

CVE-2026-35606

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

CVSS 7.5 · EPSS 0.00043
Exploits 1 · References 1
ATTACKERKB
added 2026/04/07 4:29 p.m. · 1 views

CVE-2026-35606

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

CVSS 5.3 · AI score 5.9 · EPSS 0.00043
Exploits 1 · References 2 · Affected Software 1
EUVD
added 2026/03/25 12:31 a.m. · 1 views

EUVD-2026-15029

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file updatecustomerdetails.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can b...

CVSS 6.5 · AI score 5.7 · EPSS 0.00013
Exploits 1 · References 6
OSV
added 2026/03/20 4:37 a.m. · 3 views

CVE-2026-33011 Nest Fastify HEAD Request Middleware Bypass

Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS application using @nestjs/platform-fastify GET middleware can be bypassed because Fastify automatically redirects HEAD requests to the corresponding GET handlers if they exist. As a...

CVSS 8.7 · AI score 5.8 · EPSS 0.00043
Exploits 0 · References 5
Positive Technologies
added 2025/10/05 12:0 a.m. · 2 views

PT-2025-40807

Name of the Vulnerable Software and Affected Versions: ixmaps website2017 versions prior to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0 Description: A security flaw exists that allows for cross site scripting. The issue is related to the manipulation of the trid argument within an HTTP GET request...

CVSS 5.3 · AI score 3.5 · EPSS 0.00033
Exploits 0 · References 9
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-16580

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 4.9 · EPSS 0.00747
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-31757

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.6 · EPSS 0.00144
Exploits 0 · References 4
CNNVD
added 2025/02/07 12:0 a.m. · 3 views

SiberianCMS Code Injection Vulnerability

SiberianCMS is an open source and free application manufacturing software from SiberianCMS Inc. A code injection vulnerability exists in SiberianCMS version 4.20.6, which originates in the file /app/sae/design/desktop/flat of the component HTTP GET request handler and can lead to a cross-site scripti...

CVSS 6.1 · AI score 5 · EPSS 0.0013
Exploits 0 · References 4
NVD
added 2024/11/06 3:15 p.m. · 12 views

CVE-2024-10916

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiat...

CVSS 6.9 · EPSS 0.01061
Exploits 1 · References 5
Positive Technologies
added 2024/01/11 12:0 a.m. · 3 views

PT-2024-15535 · Deshang · Deshang Dsshop

Name of the Vulnerable Software and Affected Versions: DeShang DSShop versions up to 3.1.0 Description: A vulnerability was found in the HTTP GET Request Handler component, specifically affecting the file public/install.php. This issue leads to improper access controls and can be initiated...

CVSS 9.8 · AI score 5.5 · EPSS 0.00278
Exploits 0 · References 8
NVD
added 2023/10/14 11:15 a.m. · 5 views

CVE-2023-5578

A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agendaimprimir.php of the component HTTP GET Request Handler. The manipulation of the argument codagenda with the inp...

CVSS 5.4 · AI score 4.2 · EPSS 0.00059
Exploits 0 · References 2
CNNVD
added 2023/06/20 12:0 a.m. · 1 views

Online School Fees System SQL Injection Vulnerability

Online School Fees System is an online tuition system. A SQL injection vulnerability exists in Online School Fees System v1.0, which originates from a lack of validation of the parameter namestartsWith for externally entered SQL statements in the file ajx.php in the component GET Parameter Handle...

CVSS 9.8 · AI score 8.2 · EPSS 0.00067
Exploits 1 · References 4
Positive Technologies
added 2023/02/21 12:0 a.m. · 1 views

PT-2023-16625 · Unknown · Sourcecodester Music Gallery Site

Name of the Vulnerable Software and Affected Versions: SourceCodester Music Gallery Site version 1.0 Description: A critical issue has been discovered, affecting the GET Request Handler component in the music list.php file. The manipulation of the cid argument leads to SQL injection, allowing for...

CVSS 9.8 · AI score 7.7 · EPSS 0.00352
Exploits 5 · References 6
CISA KEV Catalog
added 2022/05/25 12:0 a.m. · 46 views

Red Hat JBoss Authentication Bypass Vulnerability

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method...

CVSS 5.3 · AI score 4.8 · EPSS 0.91523
In wild · Exploits 28
Github Security Blog
added 2021/02/25 4:32 p.m. · 66 views

NanoHTTPD Cross-site Scripting vulnerability

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

CVSS 6.1 · AI score 6 · EPSS 0.00216
Exploits 0 · References 5 · Affected Software 1
OSV
added 2021/02/25 4:32 p.m. · 0 views

GHSA-PR5M-4W22-8483 NanoHTTPD Cross-site Scripting vulnerability

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

CVSS 6.1 · AI score 5.9 · EPSS 0.00216
Exploits 0 · References 5
NVD
added 2021/02/23 8:15 a.m. · 9 views

CVE-2020-13697

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

CVSS 6.1 · EPSS 0.00216
Exploits 0 · References 2