Lucene search
+L

9 matches found

cnnvd
cnnvd
added 2026/06/05 12:0 a.m.8 views

CollegeManagementSystem 授权问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...

7.5CVSS6.4AI score0.00232EPSS
Exploits0References7
cnvd
cnvd
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23566)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00193EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-32135

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.01416EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32114

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00192EPSS
Exploits0References2
cve
cve
added 2025/10/02 2:39 p.m.13 views

CVE-2025-59769

AndSoft e-TMS is affected by a reflected XSS vulnerability (CVE-2025-59769) in v25.03. The issue arises from insufficient input filtering/escaping for user-supplied data in parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn within /clt/LOGINFRM_MOL.ASP, enabling an attacker to trigger JavaScri...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/10/02 2:7 p.m.14 views

CVE-2025-59740 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMCAT.ASP'...

9.3CVSS0.01416EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.6 views

PT-2025-40382

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.16 views

PT-2025-40386

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected through the l...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/08/30 6:19 p.m.5 views

CVE-2025-9533

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed t...

9.8CVSS7.1AI score0.09214EPSS
Exploits0References1
Rows per page
Query Builder