54730 matches found
CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
EUVD-2021-34756
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47916
The EUVD entry EUVD-2021-34755 documents a vulnerability in Simple CMS 2.1: a remote SQL injection that lets an attacker inject unvalidated SQL via the users module, exploiting unvalidated input in admin.php to compromise the database management system and the web application. The connected docum...
CVE-2021-47909
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
CVE-2021-47911
Affiliate Pro 1.7 is affected by multiple reflected cross-site scripting (XSS) vulnerabilities in the index module’s input fields. The attacker-controlled parameters fullname, username, and email can inject scripts to trigger client-side attacks and manipulate browser requests. The CVE details in...
CVE-2021-47911
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2021-47911 Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
EUVD-2021-34760
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
CVE-2021-47909
CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...
CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
CVE-2021-47911 Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
Exploit for CVE-2026-30480
CVE-2026-30480: LibreNMS Local File Inclusion LFI via Path T...
SUSE CVE-2026-23024
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak of flow steer list on rmmod The flow steering list maintains entries that are added and removed as ethtool creates and deletes flow steering rules. Module removal with active entries causes memory leak as th...
OSV-2025-1068 Security exception in java.base/java.util.Arrays.copyOfRange
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479873902 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange java.base/java.lang.StringLatin1.newString java.base/java.lang.StringBuilder.toString...
PT-2026-5556
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
PT-2026-5560
Name of the Vulnerable Software and Affected Versions PHP Melody version 3.0 Description PHP Melody version 3.0 has a remote SQL injection issue in the video edit module. Authenticated attackers can inject malicious SQL commands through the unvalidated vid parameter. Successful exploitation allow...
PT-2026-5562
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
Affiliate Pro 跨站脚本漏洞
Affiliate Pro is an alliance management system developed by JD Web Designer individuals. Version 1.7 of Affiliate Pro contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site scripting vulnerabilities in the input fields of the indexing module,...
PT-2026-5555
Name of the Vulnerable Software and Affected Versions Mult-E-Cart Ultimate version 2.4 Description The software contains multiple SQL injection flaws within the inventory, customer, vendor, and order modules. Attackers with vendor or administrator privileges can exploit the id parameter to execut...