104857 matches found
PT-2026-45118
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...
PT-2026-45116
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
Student-Management-System 代码注入漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of STUDENT-MANAGEMENT-SYSTEM contains a code injection vulnerability. This vulnerability stems from the Name parameter on the dashboard page, which contains cross-site scripting,...
PT-2026-45111
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...
CicadasCMS 代码注入漏洞
CicadasCMS is a content management framework developed by the Chinese individual developer westboy, based on SpringBoot, Mybatis, SpringSecurity, and Vue. CicadasCMS has a code injection vulnerability. This vulnerability stems from the Search method in the...
AiOPMSD Final SQL注入漏洞
AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ‘genre’ parameter, which may allow unauthenticated attackers to execute...
eNdonesia Portal SQL注入漏洞
eNdonesia Portal is a system platform developed by eNdonesia’s individual developers, offering functions for portal content management and information publishing. Version 8.7 of eNdonesia Portal has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...
PT-2026-45113
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
AiOPMSD Final SQL注入漏洞
AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the q parameter, which may allow unauthenticated attackers to execute arbitrary SQ...
PT-2026-45125
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...
Open ISES Project 路径遍历漏洞
The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...
AiOPMSD Final SQL注入漏洞
AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the quality parameter, potentially allowing unauthenticated attackers to execute...
PT-2026-45119
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...
CVE-2026-9422
A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...
CVE-2026-49378
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion...
CVE-2026-34127 Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE
A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...
EUVD-2026-33420
A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...