15 matches found
CVE-2026-5529
CVE-2026-5529 affects Dromara lamp-cloud up to 5.8.1. The vulnerability is in DefUserController.pageUser; manipulation of the pageUser function leads to improper authorization. The issue is exploitable remotely and the exploit is public. Public notifications were sent to the project via an issue,...
CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...
CVE-2025-14666
A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. Manipulation of the argument Username causes SQL injection. The attack can be carried out remotely. The exploit has been made...
PT-2025-51168
Name of the Vulnerable Software and Affected Versions: itsourcecode COVID Tracking System version 1.0 Description: A weakness exists in itsourcecode COVID Tracking System version 1.0 that allows for SQL injection. The issue is located in the file /admin/?page=user and involves manipulation of the...
itsourcecode COVID Tracking System SQL Injection Vulnerability
itsourcecode COVID Tracking System is a novel coronavirus pneumonia (COVID-19) tracking system open-sourced by itsourcecode. An SQL injection vulnerability exists in version 1.0 of itsourcecode COVID Tracking System, which stems from an incorrect manipulation of the parameter Username in the file...
EUVD-2025-201668
A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross-site scripting. The attack can be launched remotely. The exploit is now public and may be used...
Malicious code in @espace-client-axafr/page-user-profile (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-8882
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
TOTOLINK A3002RU NAT Mapping Page Component Cross-Site Scripting Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the NAT Mapping Page component parameter Comment, for...
CVE-2024-48454
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component...
SourceCodester Purchase Order Management System Security Vulnerability
Sourcecodester Purchase Order Management System is a simple purchase order management system used to manage the purchase order records of a particular company. A security vulnerability exists in SourceCodester Purchase Order Management System version v1.0, which originated from a vulnerability th...
PT-2023-22564 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A vulnerability was found in the Manage User Page component, specifically affecting the "admin/?page=user/manage user" endpoint. The issue arises from the manipulation ...
PT-2023-17358 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue has been found in the Avatar Handler component, specifically affecting an unknown functionality of the file /admin/?page=user. This issue leads to...
CVE-2022-43614
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
PT-2023-16721 · Unknown · Sourcecodester Music Gallery Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Music Gallery Site version 1.0 Description: A critical issue has been found, affecting an unknown function of the file /admin/?page=user/manage. The manipulation of the id argument leads to SQL injection, allowing for remote...