13 matches found
CVE-2026-40623 SenseLive X3050 Missing Authorization
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchd...
EUVD-2022-34535
Malicious code in bioql PyPI...
Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter fromdate/todate in the file /admin/between-date-complaintreport.php...
HWA JIUH DIGITAL Easy test Online Learning and Testing Platform Cross-Site Scripting Vulnerability
HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL. A cross-site scripting vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from...
Online Bus Reservation Site SQL Injection Vulnerability
Online Bus Reservation Site is an online bus reservation site. A SQL injection vulnerability exists in Online Bus Reservation Site version 1.0 due to a lack of validation of parameter Email against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQ...
RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33626)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter in the /WorkFlow/wfworkfinishfiledown.aspx file against external SQL input. An attacker can explo...
Hikvision DS-7604NI-K1 Security Vulnerability
Hikvision DS-7604NI-K1 is a network video recorder from Hikvision China. A security vulnerability exists in Hikvision DS-7604NI-K1 V4.30.096 build221220 and earlier versions, which stems from insufficient validation of parameters in messages, and can be exploited by an attacker to send a speciall...
CVE-2023-26072
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient...
CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2022-43437
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete database...
CVE-2020-35741
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CVE-2020-3345
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
Exploit Title: SAP Internet Transaction Server ITS 6200.X.X - Session Fixation/ Cross-Site Scripting Dork: /scripts/wgate/ Date: 25.05.2018 Exploit Author: J. Carrillo Lencina 0xd0m7 Vendor Homepage: https://www.sap.com Version: SAP ITS 6200.X.X Category: Webapps Tested on: All Platforms CVE:...