926 matches found
OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection
This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...
PT-2026-6886
Name of the Vulnerable Software and Affected Versions Bucketlister plugin for WordPress versions up to and including 0.1.5 Description The software contains a SQL Injection issue through the category and id attributes within its shortcode. Insufficient escaping of user-supplied parameters and...
CVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...
CVE-2019-25303
The CVE-2019-25303 entry affects TheJshen ContentManagementSystem 1.04. It describes a SQL injection vulnerability exploitable via the GET parameter id, enabling boolean-based, time-based, and UNION-based techniques to extract or manipulate database information. The available documents consistent...
PT-2026-6462
Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...
Group Office 参数注入漏洞
Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained a parameter injection vulnerability. This vulnerability stemmed from the direct passing of the lang parameter to system commands, which coul...
Symfony parameter injection vulnerability
Symfony is a PHP framework developed by Symfony Inc. for web and console applications, along with a set of reusable PHP components. Symfony has a parameter injection vulnerability, which arises from the Process component improperly handling special characters when escaping parameters on Windows,...
CVE-2025-10024
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...
WatchYourLAN parameter injection vulnerability
WatchYourLAN is a lightweight network IP scanner developed by Andrew Erlikh individually using Go language. WatchYourLAN has a parameter injection vulnerability; this vulnerability arises from the lack of validation for the string provided by the user when processing the arpstrs parameter, which...
CVE-2025-10024
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...
CVE-2025-10024
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...
CVE-2025-10024 IDOR in EXERT Computer Technologies' Education Management System
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...
CVE-2025-10024
Technical details about CVE-2025-10024 are not publicly provided in the supplied documents; no affected versions, root cause, or remediation are stated. Monitor for updates from vendors and security advisories.
EUVD-2026-4166
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...
CVE-2025-10024 IDOR in EXERT Computer Technologies' Education Management System
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...
EXERT Education Management System has a security vulnerability
EXERT Education Management System is a comprehensive education management software developed by the Turkish company EXERT. The version 23.09.2025 and earlier of the EXERT Education Management System contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through...
PT-2026-3926
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...
GNU Inetutils 参数注入漏洞
GNU InetUtils telnetd is a telnet service daemon in the GNU InetUtils suite that listens on TCP port 23 and provides clients with plaintext terminal access based on the Telnet protocol. A remote authentication bypass vulnerability exists in GNU InetUtils Telnetd, which can be exploited to bypass...
Weblate: Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate
A vulnerability was discovered in the SSH management interface of Weblate, a web-based translation tool. The vulnerability allowed an attacker with administrative privileges to inject command-line arguments into the host parameter, leading to sensitive file disclosure on the server. The vulnerabl...
CVE-2022-50895
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...