Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in the hugetlbfs_parse_param function...
Linux Distros Unpatched Vulnerability : CVE-2016-1000006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param and ResourceBundle::__construct functions. CVE-2016-1000006 Note that Nessus relies on the...
Medium: libssh
Issue Overview: The privatekey_from_file function uses an uninitialized variable under certain conditions, such as if the file specified by the filename argument doesn't exist. This causes the code to return an invalid private key. This defect, in turn, might cause signing failure. The bug might also cause ...
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
...
CVE-2025-9832 SourceCodester Food Ordering Management System register-router.php sql injection
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-9829
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...
CVE-2025-30064
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...
CVE-2025-9700
A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisherlist.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
Linux Distros Unpatched Vulnerability : CVE-2020-8034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability vi...
CGM CLININET Security Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that stems from the decodeParam function not verifying the signature algorithm, which could lead to the generation of arbitrary user sessions...
Linux Distros Unpatched Vulnerability : CVE-2019-7337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without...
CVE-2025-52351
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL e.g., https://domain.com/activate=xyz. This practice can result in password exposure via...
CVE-2025-9239 elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...
Linux Distros Unpatched Vulnerability : CVE-2022-50012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/64: Init jump labels before parse_early_param. On 64-bit, calling jump_label_init in setup_feature_keys is too late because static keys may be used in...
CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...
CVE-2025-8568
The CVE-2025-8568 entry relates to the WordPress GMap Generator (Venturit) plugin, with a Stored Cross-Site Scripting vulnerability in the h parameter affecting all versions up to 1.1. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with Con...
Linux Distros Unpatched Vulnerability : CVE-2023-21106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additiona...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the supportedDataTypeParam parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted...
CVE-2025-50467
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...
DEBIAN-CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host...