1200 matches found
CVE-2025-20114
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
CVE-2025-47786
CVE-2025-47786 affects Emlog 2.5.13. The vulnerability is a stored cross-site scripting issue in /admin/comment.php where the unvalidated parameter perpage_num is stored in the database (admin_commend_perpage_num) and the output is not filtered, allowing a registered user to inject JavaScript tha...
PT-2025-20802 · Billing · Billing
Name of the Vulnerable Software and Affected Versions: Billing Software version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the username parameter of the "loginCheck.php" resource does not validate the characters received and they are...
PHPGurukul e-Diary Management System Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /manage-notes.php. An attacker can...
Online Class and Exam Scheduling System class_save.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that stems from the lack of validation of the class parameter in the file /Scheduling/pages/class_save.php against an...
VulnCheck KEV: CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments; a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A path traversal vulnerability exists in JetBrains...
CVE-2025-2558
The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary files from the server...
PT-2025-17690
Name of the Vulnerable Software and Affected Versions: The-wound WordPress theme version 0.0.1 Description: The issue concerns the failure to validate certain parameters before using them to generate paths passed to include functions, allowing unauthenticated users to perform Local File Inclusion L...
CVE-2025-29339
Open5GS UPF (up to v2.7.2) is affected by CVE-2025-29339. An assertion failure occurs during PFCP Session Establishment Requests when PDN Type is 0, due to improper handling of an invalid value propagated from SMF (or via direct attack), leading to a fatal assertion and daemon crash. The vulnerab...
CVE-2024-42189
HCL BigFix Web Reports might be subject to a Denial of Service DoS attack, due to a potentially weak validation of an API parameter...
HCL BigFix Platform Security Vulnerability
HCL BigFix Platform is a suite of endpoint security management platform from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform, which stems from insufficient validation of API...
PT-2025-16374 · Hcl · Hcl Bigfix Web Reports
Name of the Vulnerable Software and Affected Versions: HCL BigFix Web Reports affected versions not specified Description: The issue is related to a potentially weak validation of an API parameter, which might make HCL BigFix Web Reports subject to a Denial of Service DoS attack. Recommendations:...
CVE-2025-28408
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/deptId endpoint, which does not properly validate the deptId parameter...
MongoDB Server Security Vulnerability
MongoDB Server is an open source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic query, data replication, automatic failover and other functions. A denial of service vulnerability exists in MongoDB Server. The vulnerability...
CVE-2023-53019
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy. The caller may pass any value as addr, which may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy that may pass -1 as addr. Therefore valida...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...