1200 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7416
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. CVE-2017-7416 Note that Nessus relies on the presence of the package as...
pyLoad Resource Management Error Vulnerability
pyLoad is a free open source download manager written in Python by pyLoad Open Source. A resource management error vulnerability exists in pyLoad that stems from insufficient validation of the jk parameter, which could lead to excessive server CPU usage...
Reflected Cross Site Scripting (XSS)
microweber/microweber is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...
Sports Management System match.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/match.php. An attacker can exploit this vulnerabilit...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
PT-2025-32222 · Bottinelli Informatical · Vedo Suite
Name of the Vulnerable Software and Affected Versions: Bottinelli Informatical Vedo Suite version 2024.17 Description: Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api vedo/video/preview endpoint. This allows remote authenticated attackers t...
Exam Form Submission delete_s8.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/delete_s8.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
CVE-2025-53713 TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The...
PT-2025-31251 · Unknown · Phpgurukul Nipah Virus Testing Management System
Name of the Vulnerable Software and Affected Versions: phpgurukul Nipah virus (NiV) Testing Management System version 1.0 Description: phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of...
PT-2025-31191 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: A SQL injection vulnerability exists in Human Resource Management System version 1.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases via the ci...
DEBIAN-CVE-2025-38494
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request. hid_hw_raw_request is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...
DbGate Security Vulnerability
DbGate is an open source database manager. A security vulnerability exists in DbGate 6.4.3-premium-beta.5 and earlier versions, which stems from insufficient validation of file parameters and can lead to directory traversal...
CVE-2025-8197
...
Security Bulletin: Security Vulnerability Exists in QueueWatch UI of IBM Sterling B2B Integrator and IBM Sterling File Gateway Due to Lack of Validation of Request Parameters (CVE-2025-33014)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability. Vulnerability Details: CVEID: CVE-2025-33014 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses a web link with untrusted references to an external site. A remote attacker could...
MeterSphere SQL Injection Vulnerability
MeterSphere is an open source one-stop continuous testing platform. A SQL injection vulnerability exists in MeterSphere versions prior to 3.6.5-lts, which stems from insufficient validation of the sortField parameter and could lead to SQL injection...
PT-2025-29494 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection issue via the pid parameter at the SEMCMS Infocategories.php file. Recommendations: Address the SQL injection issue by sanitizing or validating the pid parameter in t...
GHSA-QCJ2-99CG-MPPF Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
Jenkins Git Parameter Plugin implements a choice build parameter that lists the configured Git SCM’s branches, tags, pull requests, and revisions. Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered...
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
Jenkins Git Parameter Plugin implements a choice build parameter that lists the configured Git SCM’s branches, tags, pull requests, and revisions. Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered...