21 matches found
CVE-2026-6124
CVE-2026-6124 affects Tenda F451 1.0.0.7, specifically the httpd component’s function fromSafeMacFilter in /goform/SafeMacFilter. The issue involves a stack-based buffer overflow triggered by manipulating the argument page/menufacturer, with the attack described as remote and the exploit publicly...
CVE-2026-4994
A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...
SUSE CVE-2025-5167
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The...
CVE-2025-14276 Ilevia EVE X1 Server leaf_search.php command injection
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
PT-2025-48388
Name of the Vulnerable Software and Affected Versions taosir WTCMS affected versions not specified Description A code injection issue exists in the fetch function of the /index.php file. Manipulation of the content argument can lead to code injection, and the attack can be initiated remotely. The...
CVE-2025-12234
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-9401 HuangDou UTCMS Login login.php comparison
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a hig...
CVE-2025-1967
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /userdashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be...
CVE-2024-10807
The CVE-2024-10807 entry concerns PHPGurukul Hospital Management System v4.0. A vulnerability in the file hms/doctor/search.php arises from manipulating the argument searchdata, causing cross-site scripting (XSS). The issue is remotely initiable and the public exploit has been disclosed. Affected...
CVE-2024-5367
A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file eachextracurriculaactivities.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2024-3463
A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The...
Design/Logic Flaw
A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to t...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manageinvoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross si...
Cross site scripting
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/indextab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-0891
A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input alertdocument.cookie leads to cross site scripting. The attack can be launched remotely...
Cross site scripting
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2024-0265
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiate...
CVE-2023-6896
The CVE targets SourceCodester Simple Image Stack Website 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by unsafely handling the search parameter, as demonstrated by input like sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3e. Attacks can be initiated remotely and the exploit h...
CVE-2023-3830
A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /company/store. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The associated identifier of...
Sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/managebudget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It i...