476 matches found
CVE-2025-9440
CVE-2025-9440 affects 1000projects Online Project Report Submission and Evaluation System 1.0. A vulnerable function is in /admin/add_title.php, where manipulating the Title argument permits cross-site scripting. The issue is exploitable remotely and publicly disclosed. Multiple connected sources...
CVE-2025-9434
The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...
CVE-2025-9434 1000projects Online Project Report Submission and Evaluation System edit_title.php cross site scripting
A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...
CVE-2024-46413
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery SSRF via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex method...
PT-2025-34653 · Unknown · Rebuild 3.7.7
Name of the Vulnerable Software and Affected Versions: Rebuild version 3.7.7 Description: The software contains a Server-Side Request Forgery SSRF issue. This occurs through the type parameter within the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex function. Recommendations: Updat...
CVE-2024-46413
CVE-2024-46413 concerns Rebuild v3.7.7, where the SSRF vulnerability is triggered via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex function. The issue originates in the RBStoreController loadDataIndex path and exposes the system to server-side requests t...
CVE-2025-57762
CVE-2025-57762 : WeGIA, a web manager for charitable institutions, is vulnerable to a Stored Cross-Site Scripting (XSS) in the endpoint dependente_docdependente.php via the nome parameter. The vulnerability is triggered when untrusted input is stored on the server and later executed automatically...
WeGIA 安全漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.4.7, which stems from the presence of stored cross-site scripting in the nome parameter in the dependentedocdependente.php endpoint, which coul...
CVE-2025-9248 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_pingGatewayByBBS stack-based overflow
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RPpingGatewayByBBS of the file /goform/RPpingGatewayByBBS. The manipulation of the argument ssidhex results in...
CVE-2025-3671
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...
CVE-2024-8393
CVE-2024-8393 / CVE-2024-8393 (Woocommerce Blocks – Woolook) affects the WordPress plugin “Woocommerce Blocks – Woolook” up to version 1.7.0. The underlying issue is a Local File Inclusion via the tab parameter, exploitable by authenticated users with Administrator-level access and above, potenti...
CVE-2025-6221
CVE-2025-6221 affects the WordPress plugin Embed Bokun (≤0.23). Affected component: the align parameter; vulnerability type: Stored Cross‑Site Scripting . Conditions: authenticated attackers with at least Contributor rights can inject scripts that execute when any user visits the affected page. R...
PT-2025-33439 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A vulnerability was identified in the processing of the file /admin/sms setting.php. Manipulation of the uname argument leads to a SQL injection. The attack may be...
CVE-2025-8946 projectworlds Online Notes Sharing Platform login.php sql injection
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
PHPGurukul Teachers Record Management System 注入漏洞
Teachers Record Management System is a teacher record management system. The Teachers Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search.php. An...
CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...
CVE-2025-8372
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/updates7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit h...
Art Gallery Management System edit-art-medium-detail.php File Cross-Site Scripting Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System has a cross-site scripting vulnerability , the vulnerability stems from the /admin/edit-art-medium-detail.php file artmed parameter for the user to provide data lack of effective filtering and escapin...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
Beakon Learning Management System Sharable Content Object Reference Model 安全漏洞
Beakon Learning Management System Sharable Content Object Reference Model is a learning management system from Beakon Australia. A security vulnerability exists in Beakon Learning Management System Sharable Content Object Reference Model version V.5.4.3, which stems from mishandling of URL...