
34 matches found

OSV
added 2026/04/01 10:59 p.m. | Views: 1

GHSA-XW45-CC32-442F Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Summary: The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...

CVSS 2.7 | AI score 5.9 | EPSS 0.00091
Exploits: 0 | References: 5

CNNVD
added 2026/02/23 12:0 a.m. | Views: 3

SourceCodester Student Result Management System security vulnerability

SourceCodester Student Result Management System is an open-source student grade management system developed by SourceCodester. Version 1.0 of the SourceCodester Student Result Management System contains a security vulnerability. This vulnerability stems from improper handling of parameter IDs in...

CVSS 6.9 | AI score 6.6 | EPSS 0.00154
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | Views: 4

EUVD-2018-3272

Malware in sbrugna...

CVSS 5.5 | AI score 6.5 | EPSS 0.0011
Exploits: 0 | References: 5

CNNVD
added 2025/10/02 12:0 a.m. | Views: 3

AndSoft e-TMS command injection vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...

CVSS 9.8 | AI score 7.9 | EPSS 0.00265
Exploits: 0 | References: 1

CNNVD
added 2025/09/29 12:0 a.m. | Views: 1

Langley Online Banking System code injection vulnerability

Langley Online Banking System is an online banking system from Langley Corporation. A code injection vulnerability exists in the Langley Online Banking System, which originates from a misuse of the parameter Error in file /connectionerror.php and could lead to a cross-site scripting attack...

CVSS 5.3 | AI score 4.9 | EPSS 0.00031
Exploits: 0 | References: 4

CNNVD
added 2025/09/25 12:0 a.m. | Views: 2

VLA-RL code issue vulnerability

VLA-RL is a visual language action model by individual developer lgx. A code issue vulnerability exists in VLA-RL, which stems from misuse of the parameter Message in the file experiments/robot/bridge/reasoningserver.py, which could lead to a deserialization attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00089
Exploits: 0 | References: 5

CNNVD
added 2025/09/12 12:0 a.m. | Views: 2

roncoo-pay security vulnerability

roncoo-pay roncoo payment system is an Internet payment system open-sourced by Lead Class Network RonCoo. A security vulnerability exists in roncoo-pay, which stems from a misuse of the parameter orderNo in the file /auth/orderQuery, which could lead to a direct request attack...

CVSS 3.1 | AI score 4.3 | EPSS 0.00044
Exploits: 0 | References: 5

CNVD
added 2025/08/28 12:0 a.m. | Views: 1

Apartment Management System add_fund.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /fund/addfund.php. An attacker can exploit this...

CVSS 9.8 | AI score 7.9 | EPSS 0.00066
Exploits: 1 | References: 1

Tenable Nessus
added 2025/08/27 12:0 a.m. | Views: 4

Linux Distros Unpatched Vulnerability : CVE-2020-25788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUESTurl in an error message...

CVSS 8.1 | AI score 8 | EPSS 0.00338
Exploits: 0 | References: 2

CNNVD
added 2025/08/26 12:0 a.m. | Views: 2

mblog security vulnerability

mblog is a blogging system by individual developer langhsu. A security vulnerability exists in mtons mblog 3.5.0 and earlier versions, which stems from a cross-site scripting attack due to misuse of the parameter input in the file /admin/options/update...

CVSS 4.8 | AI score 3.8 | EPSS 0.00057
Exploits: 1 | References: 5

CNNVD
added 2025/08/13 12:0 a.m. | Views: 2

HortusFox security vulnerability

HortusFox is a free and open source self-hosted plant manager system from HortusFox, Inc. A security vulnerability exists in HortusFox v4.4 that stems from a cross-site scripting attack due to misuse of the parameter email in the /controller/admin.php endpoint...

CVSS 5.4 | AI score 6.1 | EPSS 0.00097
Exploits: 1 | References: 5

Vulnrichment
added 2025/06/13 4:9 p.m. | Views: 6

CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters

XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVSS 8.7 | AI score 7.5 | EPSS 0.03875
Exploits: 1 | References: 3

CNVD
added 2025/06/10 12:0 a.m. | Views: 2

TOTOLINK N302R Plus url parameter buffer overflow vulnerability

The TOTOLINK N300R Plus is a wireless router. The TOTOLINK N302R Plus buffer overflow vulnerability, which stems from a misuse of the parameter url, can be exploited by an attacker to execute arbitrary code...

CVSS 9 | AI score 8.1 | EPSS 0.00553
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/06 8:7 a.m. | Views: 12

CVE-2025-27444

A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...

CVSS 4.8 | AI score 6 | EPSS 0.00176
Exploits: 0 | References: 1

CNNVD
added 2025/06/03 12:0 a.m. | Views: 4

web-flash security vulnerability

web-flash is an open source web system based on Spring Boot and Vue.js by enilu. A security vulnerability exists in web-flash version 1.0, which originates from a cross-site scripting attack due to a misuse of the parameter File...

CVSS 6.1 | AI score 4.4 | EPSS 0.00117
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/22 7:22 p.m. | Views: 5

CVE-2021-24462

The getgallerycategories and getgalleries functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in...

CVSS 8.8 | AI score 7.7 | EPSS 0.00532
Exploits: 2 | References: 1

CNNVD
added 2025/03/17 12:0 a.m. | Views: 2

Code-Projects Real Estate Property Management System security vulnerability

Code-Projects Real Estate Property Management System is an open source real estate property management system from Code-Projects. A security vulnerability exists in Code-Projects Real Estate Property Management System version 1.0, which stems from an incorrect operation of the parameters...

CVSS 7.5 | AI score 6.9 | EPSS 0.00143
Exploits: 1 | References: 2

OSV
added 2025/02/18 7:25 p.m. | Views: 1

GHSA-M3PM-RPGG-5WJ6 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs

Summary: Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details: In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...

CVSS 7 | AI score 6 | EPSS 0.00028
Exploits: 0 | References: 4

CNNVD
added 2024/08/19 12:0 a.m. | Views: 1

Red Hat OpenShift security feature issue vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that stems from the OAuth2 protocol being vulnerable to cross-site request forge...

CVSS 8 | AI score 7.7 | EPSS 0.00987
Exploits: 0 | References: 3

CNNVD
added 2024/05/23 12:0 a.m. | Views: 2

Huashi Private Cloud CDN Live Streaming Acceleration Server operating system command injection vulnerability

Huashi Private Cloud CDN Live Streaming Acceleration Server is a live streaming acceleration service from China Huashi. An OS command injection vulnerability exists in Huashi Private Cloud CDN Live Streaming Acceleration Server version 20240520 and earlier versions, which stems from a gross misus...

CVSS 5.8 | AI score 5.5 | EPSS 0.00562
Exploits: 0 | References: 5