690 matches found
GHSA-R7VR-WG3F-8HR9 Concrete5 CMS contains an XPath injection vulnerability
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...
PT-2026-2392
Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description The application contains a file upload issue that allows administrators with authentication to overwrite server files using the Media Manager import functionality. Specifically, attackers can manipulate the...
CVE-2021-31894
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.X All versions V9.1 SP2, SIMATIC PDM All versions V9.2 SP2, SIMATIC STEP 7 V5.X All versions V5.7, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 SP2 HF1. A directory containing...
CVE-2019-20059
paymentmanage.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL...
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
Area9 Rhapsode 安全漏洞
Area9 Rhapsode is an adaptive learning platform from Area9 USA. A security vulnerability exists in Area9 Rhapsode version 1.47.3, which stems from improper parameter manipulation and could lead to arbitrary file reads...
milvus 代码问题漏洞
milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. A code issue vulnerability exists in milvus version 2.6.7 and earlier, which stems from the incorrect manipulation of the parameter code of the function expr.Exec in the file pkg/util/expr/expr.go of the...
Code-Projects Online Product Reservation System SQL注入漏洞
Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A SQL injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from incorrect manipulation of the parameter id/qty in the file...
Code-Projects Online Music Site SQL注入漏洞
Code-Projects Online Music Site is an open source online music site by Code-Projects. A SQL injection vulnerability exists in Code-Projects Online Music Site version 1.0, which stems from incorrect manipulation of the parameter ID in the file /Frontend/ViewSongs.php, which could lead to a SQL...
newbee-mall-plus 安全漏洞
newbee-mall-plus is an open source e-commerce system by newbee-ltd. A security vulnerability exists in version 2.0.0 of newbee-mall-plus, which stems from the incorrect manipulation of the parameter File in the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java, which coul...
Code-Projects Refugee Food Management System SQL注入漏洞
Code-Projects Refugee Food Management System is an open source refugee food management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, which stems from incorrect manipulation of the parameters a/b/c/d in the file...
CVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...
PT-2025-53388
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0 that allows for remote SQL injection. The issue is located in the file /list report.php and involves manipulation of the...
Tenda WH450 安全漏洞
Tenda WH450 is a wireless access point from Tenda China. A security vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from an incorrect manipulation of the parameter page in the file /goform/NatStaticSetting, which could result in a stack buffer overflow...
Code-Projects Scholars Tracking System 安全漏洞
Code-Projects Scholars Tracking System is an open source scholars tracking system by Code-Projects. A security vulnerability exists in Code-Projects Scholars Tracking System version 1.0, which stems from an incorrect manipulation of the parameter postcontent in the file /home.php, which could lea...
CVE-2025-14832
A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...
EUVD-2025-203925
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...
CVE-2025-14081
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...
CVE-2025-14081 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...
WordPress plugin Ultimate Member 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...