76 matches found
EUVD-2003-0794
Malware in sbrugna...
EUVD-2022-37868
Malicious code in bioql PyPI...
EUVD-2025-6960
Malicious code in bioql PyPI...
Online Fire Reporting System 跨站脚本漏洞
Online Fire Reporting System is an online fire reporting system developed by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Online Fire Reporting System version 1.2, which stems from insufficient input validation of the parameters fullname, location, and...
Linux Distros Unpatched Vulnerability : CVE-2020-13941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler...
📄 Invision Community 4.7.20 SQL Injection
Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
Summary An authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as...
CVE-2024-27729
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature...
CVE-2022-34966
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ipaddress/:port/ossn/home...
CVE-2020-7229
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landinglocation. The function is countSearchedJobs. The file is lib/class.Job.php...
carRental 安全漏洞
carRental is a car rental software from carRental, Inc. A security vulnerability exists in carRental version v.1.0, which stems from the file/downloadFile.action?path=location contains a path traversal vulnerability...
CVE-2024-1594
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
PT-2024-17147 · Unknown · Code-Projects Simple Car Rental System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Car Rental System version 1.0 Description: A critical issue has been found in the code-projects Simple Car Rental System. The problem is related to an unknown function of the file /book car.php, where the manipulation of...
Code-Projects Simple Car Rental System 注入漏洞
Code-Projects Simple Car Rental System is an open source car rental software from Code-Projects. An injection vulnerability exists in Code-Projects Simple Car Rental System version 1.0, which stems from incorrect manipulation of the parameters fname, idno, gender, email, phone, and location can...
CVE-2024-27729
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature...
CVE-2024-30980
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page...
CVE-2024-24041
A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php...
CVE-2024-24041
A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php...
PT-2024-20251 · Unknown · Travel Journal Using Php/Mysql
Name of the Vulnerable Software and Affected Versions: Travel Journal Using PHP and MySQL with Source Code version 1.0 Description: A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter ...
Travel Journal Cross-Site Scripting Vulnerability
Travel Journal is a travel journal for rems individual developers. A cross-site scripting vulnerability exists in Travel Journal v1.0 that could allow an attacker to execute arbitrary web script or HTML by injecting a crafted payload into the location parameter of /travel-journal/write-journal...