18 matches found
EUVD-2024-49286
Malicious code in bioql PyPI...
PT-2025-3785 · Unknown · Campcodes Project Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Project Management System version 1.0 Description: A critical issue has been found in the code of the file /forms/update forms.php?action=change pic2&id=4, allowing for unrestricted upload due to the manipulation of the argument fil...
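The entry above is an instance of the "unrestricted upload" class: the server trusts the client-supplied filename for both the stored extension and the storage location. The following is an added example (not Campcodes code) that contrasts that pattern with a handler that allowlists extensions, checks the file's leading bytes against the declared type, and generates the stored name server-side. The sample PNG and PHP byte strings and the allowlist table are constructed for the demonstration.

```python
import os
import secrets
from pathlib import PurePosixPath

# Allowlist of accepted extensions and the magic bytes each must start with.
# An extension check alone is not enough: "shell.php.png" passes it, so the
# content is checked as well, and the stored name is never the client's.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024

# Constructed sample payloads for the demonstration (not files from the advisory).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_PHP = b"<?php echo 'hello'; ?>"


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_target_path(upload_dir: str, client_name: str) -> str:
    # The unrestricted-upload pattern: the client controls extension and,
    # through "../" segments, the directory the file lands in.
    return os.path.join(upload_dir, client_name)


def choose_safe_name(client_name: str, data: bytes) -> str:
    """Validate an upload and return a server-generated filename for it."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload too large")
    # Only the final suffix is consulted, lower-cased, and matched against the allowlist.
    ext = PurePosixPath(client_name).suffix.lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # The declared type must agree with the leading bytes of the content.
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")
    # Random name: nothing from the client string reaches the filesystem.
    return secrets.token_hex(16) + ext


def safe_target_path(upload_dir: str, client_name: str, data: bytes) -> str:
    return os.path.join(upload_dir, choose_safe_name(client_name, data))


def is_accepted(client_name: str, data: bytes) -> bool:
    """Convenience wrapper returning True when the upload would be stored."""
    try:
        choose_safe_name(client_name, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    print(vulnerable_target_path("/var/www/uploads", "../shell.php"))
    print(safe_target_path("/var/www/uploads", "photo.png", SAMPLE_PNG))
    print(is_accepted("shell.php.png", SAMPLE_PHP))
```

The upload directory should additionally sit outside the web root or have script execution disabled, so that a validation bypass does not immediately become code execution.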
PT-2024-35750 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA version 3.2.0 Description: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway pagamento.php allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id...
PT-2024-22850 · Kasda · Kasda Linksmart Router Kw6512
Name of the Vulnerable Software and Affected Versions: Kasda LinkSmart Router KW6512 versions = v1.3 Description: The issue is related to Multiple OS Command Injection vulnerabilities. An authenticated remote attacker can execute arbitrary OS commands via various cgi parameters. Recommendations:...
PT-2024-31176 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: The issue is related to a stack overflow via the adv.iptv.stballvlans parameter in the formGetIptv function. This allows for potential exploitation. No information is provided about the estimated numb...
PT-2024-26109
Name of the Vulnerable Software and Affected Versions: GP Premium plugin for WordPress versions up to, and including, 2.4.0 Description: The issue is related to Reflected Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-3774
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values...
PT-2024-20228 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue is related to SQL Injection. The com.jsh.erp.controller.MaterialController, specifically the getListWithStock function, does not properly filter the column and order parameters, allowing an attacker t...
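The jshERP entry is a sort-parameter injection: column names and ASC/DESC keywords cannot be bound as prepared-statement parameters, so concatenating them is the usual mistake, and the fix is an allowlist lookup rather than escaping. The following is an added example (not jshERP code; the table, the sys_user table and its row are constructed here) that shows the concatenating query, the allowlisted version, and why the flaw matters: an ORDER BY expression acts as a blind boolean oracle that leaks data one character at a time.

```python
import sqlite3

# Allowlists: the user-supplied sort parameters are never interpolated; they
# select entries from these fixed maps, which is the only safe way to handle
# an identifier or keyword position in SQL.
ALLOWED_COLUMNS = {"id": "id", "name": "name", "stock": "stock"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for the material and user tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE material (id INTEGER PRIMARY KEY, name TEXT, stock INTEGER);
        INSERT INTO material (name, stock) VALUES ('bolt', 9), ('anchor', 1), ('cable', 5);
        CREATE TABLE sys_user (id INTEGER PRIMARY KEY, login TEXT, password TEXT);
        INSERT INTO sys_user (login, password) VALUES ('admin', 'p4ssw0rd');
    """)
    return conn


def vulnerable_list(conn, column: str, order: str) -> list:
    # The advisory's pattern: column and order concatenated straight into ORDER BY.
    sql = f"SELECT name FROM material ORDER BY {column} {order}"
    return [row[0] for row in conn.execute(sql)]


def is_valid_sort(column: str, order: str) -> bool:
    return column.lower() in ALLOWED_COLUMNS and order.lower() in ALLOWED_ORDER


def safe_list(conn, column: str, order: str) -> list:
    # Same query shape, but only allowlisted strings ever reach the SQL text.
    if not is_valid_sort(column, order):
        raise ValueError("unsupported sort parameters")
    col = ALLOWED_COLUMNS[column.lower()]
    direction = ALLOWED_ORDER[order.lower()]
    sql = f"SELECT name FROM material ORDER BY {col} {direction}"
    return [row[0] for row in conn.execute(sql)]


def oracle_payload(condition: str) -> str:
    # Sorts by name when the condition holds, by stock otherwise, so the
    # order of the returned rows reveals one bit about the condition.
    return f"(CASE WHEN ({condition}) THEN name ELSE stock END)"


def recover_char(conn, position: int, alphabet: str = "abcdefghijklmnopqrstuvwxyz0123456789"):
    """Brute-force one character of the admin password through the sort oracle."""
    by_name = vulnerable_list(conn, "name", "ASC")
    for ch in alphabet:
        cond = f"substr((SELECT password FROM sys_user WHERE login='admin'),{position},1)='{ch}'"
        if vulnerable_list(conn, oracle_payload(cond), "ASC") == by_name:
            return ch
    return None


def recover_password(conn, length: int) -> str:
    return "".join(recover_char(conn, i) or "?" for i in range(1, length + 1))


if __name__ == "__main__":
    db = make_db()
    print(safe_list(db, "stock", "desc"))
    print(is_valid_sort(oracle_payload("1=1"), "ASC"))
    print(recover_password(db, 8))
```

Each recovered character costs at most one request per alphabet symbol, which is why an ORDER BY injection is treated as full read access to the database rather than a cosmetic sorting bug.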
PT-2023-27660 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.19 Description: The issue is related to a Buffer Overflow, where the Index parameter does not verify the length. This can lead to potential exploitation. No information is provided about the estimated number of...
PT-2023-22699 · Atlassian +1 · Confluence +1
Name of the Vulnerable Software and Affected Versions: MoroSystems EasyMind - Mind Maps plugin versions prior to 2.15.0 for Confluence Description: The issue allows persistent XSS when saving a Mind Map with the hyperlink parameter. This can lead to the execution of malicious scripts within the...
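Two entries in this list, the GP Premium reflected XSS via the message parameter and the EasyMind persistent XSS via the hyperlink parameter, share one root cause: a value rendered without escaping for the context it lands in. The following is an added example, not code from either plugin, that contrasts a concatenating renderer with one that escapes for text and attribute contexts and restricts link schemes; the template markup and the payload strings are constructed for the demonstration.

```python
import html
import re
from urllib.parse import urlsplit


def render_vulnerable(message: str, link: str) -> str:
    # Reflects both parameters verbatim: text node, attribute value and href.
    return (f'<div class="notice" data-msg="{message}">'
            f'<a href="{link}">{message}</a></div>')


def safe_href(url: str) -> str:
    """Allow only http(s) and relative links; return a harmless anchor otherwise."""
    # Browsers ignore ASCII control characters inside a scheme ("java\tscript:"),
    # so strip them before parsing or the scheme check can be bypassed.
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme not in ("http", "https", ""):
        return "#"
    return html.escape(cleaned, quote=True)


def render_safe(message: str, link: str) -> str:
    # html.escape(quote=True) converts & < > " and ', so the value can break
    # out of neither a text node nor a quoted attribute. URL context needs the
    # separate scheme check above: escaping does nothing against "javascript:".
    safe_msg = html.escape(message, quote=True)
    return (f'<div class="notice" data-msg="{safe_msg}">'
            f'<a href="{safe_href(link)}">{safe_msg}</a></div>')


# Constructed payloads: one per context the renderer emits into.
PAYLOAD_TEXT = "<script>alert(document.cookie)</script>"
PAYLOAD_ATTR = '" onmouseover="alert(1)'
PAYLOAD_LINK = "java\tscript:alert(1)"


def injection_survives(rendered: str) -> bool:
    """True if any raw tag, event handler or script scheme remains in the output."""
    return ("<script" in rendered or 'onmouseover="' in rendered
            or re.search(r'href="\s*java\s*script:', rendered, re.I) is not None)


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD_ATTR, PAYLOAD_LINK))
    print(render_safe(PAYLOAD_ATTR, PAYLOAD_LINK))
```

Note that the hardened renderer still emits the original parameter as content; it does not sanitize or truncate it, which keeps legitimate input intact while removing its ability to change the document structure.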
PT-2022-27443 · Unknown · Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: The Web-Based Student Clearance System contains a cross-site scripting (XSS) issue in the /Admin/add-student.php endpoint. This allows attackers to execute arbitrary web scripts or HTM...
CVE-2022-40765
The CVE-2022-40765 issue affects Mitel MiVoice Connect, specifically the Edge Gateway component, where insufficient restriction of URL parameters allows an authenticated attacker with internal network access to perform a command injection. Connected sources confirm an internal-network, authentica...
PT-2022-5717 · NetGear · Netgear R7000P
Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8 Description: The issue is related to a buffer overflow error in the Netgear R7000P router's software. This can be exploited by a remote attacker through the openvpn server ip parameter, potentially allowing the...
PT-2022-22912 · Fork · Fork
Name of the Vulnerable Software and Affected Versions: Fork version 5.9.3 Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the publish on date parameter. This issue was patched in version 5.11.0, which means all versions prior to 5.11.0 are affected...
CVE-2019-7684
inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadControllergok4 com/inxedu/os/common/controller/VideoUploadController.java. The attacker uses the /video/uploadvideo fileTyp...
CVE-2018-19548
CVE-2018-19548 affects EduSec through version 4.2.6, where the login endpoint (index.php?r=site%2Flogin) does not restrict a sequence of LoginForm[username] and LoginForm[password] parameters. This input handling flaw can enable remote attackers to attempt brute-force access against the ...
PT-2008-2243 · WordPress · Dmsguestbook
Name of the Vulnerable Software and Affected Versions: DMSGuestbook plugin for WordPress versions 1.7.0 and 1.8.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the gbname, gbemail, gburl, and gbmsg parameters to unspecified programs, potentially leading...
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...