19 matches found
CVE-2026-13768
CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...
EUVD-2025-204440
A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public...
CVE-2025-14939
CVE-2025-14939 affects code-projects Online Appointment Booking System 1.0. The vulnerability is in the file /admin/deletemanager.php, where manipulation of the parameter managername causes SQL injection. A remote attacker could exploit this, and the exploit has been publicly disclosed. Several c...
EUVD-2023-44423
Malicious code in bioql PyPI...
CVE-2025-38274 fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpgamgrtestimgloadsgt fpgamgrtestimgloadsgt allocates memory for sgt using kunitkzalloc however it does not check if the allocation failed. It then passes sgt to sgalloctable, which passe...
CVE-2025-45879
A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...
PT-2025-25740 · Unknown · Miliaris Amigdala
Name of the Vulnerable Software and Affected Versions: Miliaris Amigdala version 2.2.6 Description: A cross-site scripting XSS issue in the report manager function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. Recommendations: For Miliaris...
CVE-2025-45879
CVE-2025-45879 describes a cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 . The issue allows an attacker to execute arbitrary HTML in a user’s browser via a crafted payload. The available metrics indicate a CVSS v3.1 base score of 6.1 (Medium) ...
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...
CVE-2024-40125
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...
CVE-2024-40125
The CVE-2024-40125 entry concerns Closed Loop Technology CLESS Server v4.5.2, where the Media Manager’s file upload endpoint is vulnerable to arbitrary PHP file uploads. The underlying issue enables remote code execution because a crafted PHP file can be uploaded and subsequently executed on the ...
CVE-2024-40125
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...
The vulnerability of the cgi_FMT_R12R5_2nd_DiskMGR function in the /cgi-bin/hd_config.cgi component of D-Link routers’ microprogramming software allows a attacker to execute arbitrary code.
The vulnerability of the cgiFMTR12R52ndDiskMGR function in the /cgi-bin/hdconfig.cgi component of D-Link routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2024-8138
A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql...
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function...
PT-2023-20233
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11.1 TensorFlow versions prior to 2.12.0 Description TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. The issue is related to the...
FUDForum Cross-Site Scripting Vulnerability (CNVD-2022-70051)
FUDForum is a PHP-based forum software. version 3.1.2 of FUDForum contains a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks with the help of the forum name field in the forum manager function...
Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability
,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / / / XXXXXX / / XXXXXX / / XXXXXX / ------' Exploit Title : Wolf CMS Arbitrary File Upload Exploit Date : 16 April 20...
Wolf CMS 0.8.2 - Arbitrary File Upload
Wolf CMS 0.8.2 - Arbitrary File Upload ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Wolf CMS...