1197 matches found
PT-2026-2127
Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3. Description: CryptoLib is a software-only solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syste...
CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on...
CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...
CVE-2023-29087
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After...
CVE-2023-45347
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...
GHSA-VP8W-WJ4M-3R7J evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...
EverShop Security Vulnerability
EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop 2.1.0 and earlier versions, which stems from insufficient validation of the src query parameter and could lead to a server-side request forgery attack...
StreamVault OS Command Injection Vulnerability
StreamVault is a video parsing and downloading tool from the individual developers at MochiMoon. An operating system command injection vulnerability exists in StreamVault versions prior to 251126, which stems from an insufficiently validated configuration of the yt-dlp parameter and could lead to...
CVE-2025-14499
IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
VideoFlow Digital Video Protection Security Vulnerability
VideoFlow Digital Video Protection is a broadcast-quality video delivery device from VideoFlow, Inc. A security vulnerability exists in VideoFlow Digital Video Protection version 2.10, which stems from insufficient validation of the ID parameter and could lead to a directory traversal attack...
LogicalDOC Enterprise Security Vulnerability
LogicalDOC Enterprise is a document management system from the Italian company LogicalDOC. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which stems from insufficient validation of the suffix and fileVersion parameters and could lead to arbitrary file disclosure...
CVE-2025-40892
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...
Online Ordering System user_school.php File SQL Injection Vulnerability
Online Ordering System is an online ordering system. Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter productid in the file /user_school.php. An attacker can exploit this...
EUVD-2025-201921
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report...
ReQuest Serious Play Media Player Security Vulnerability
ReQuest Serious Play Media Player is a media player software from ReQuest Serious Play, Inc. A security vulnerability exists in ReQuest Serious Play Media Player version 3.0 that stems from not properly validating file parameters, which could allow an attacker to read the contents of a local file...
ProudMuBai GoFilm Code Issue Vulnerability
ProudMuBai GoFilm is a multi-player auto-capture online movie and TV site by the individual developer ProudMuBai. A code issue vulnerability exists in ProudMuBai GoFilm versions 1.0.0 and 1.0.1, which stems from insufficient validation of the File parameter in the SingleUpload function in the...
CVE-2025-66205
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...