
105315 matches found

CNNVD
added 2026/05/08 12:0 a.m. | 8 views

Cradle eCommerce input validation error vulnerability

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a vulnerability related to input validation. This vulnerability stems from improper validation of the returnUrl parameter in the login...

CVSS 5.3 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 1
CNNVD
added 2026/05/08 12:0 a.m. | 9 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with NCI packet parameter validation. This vulnerability may lead to communication failures...

CVSS 8.3 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/08 12:0 a.m. | 6 views

CVE-2024-45257

A command injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

AI score 7.6 | EPSS 0.03891
Exploits: 3 | References: 3
Positive Technologies
added 2026/05/08 12:0 a.m. | 10 views

PT-2026-38906

Name of the Vulnerable Software and Affected Versions: Cradle eCommerce platform (affected versions not specified). Description: An open redirection issue exists in the login form endpoint. The application accepts a URL through the returnUrl parameter without proper validation, allowing users to be...

CVSS 5.3 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/08 12:0 a.m. | 14 views

PT-2026-38642

Name of the Vulnerable Software and Affected Versions: SourceCodester Comment System version 1.0. Description: An issue exists in the processing of the 'post comment.php' file. Manipulation of the Name argument allows for SQL injection, which can be exploited remotely. Recommendations: At the moment,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00254
Exploits: 0 | References: 12
Positive Technologies
added 2026/05/08 12:0 a.m. | 9 views

PT-2026-38657

Name of the Vulnerable Software and Affected Versions: SourceCodester Pharmacy Sales and Inventory System version 1.0. Description: A flaw in the '/index.php?page=users' endpoint allows for remote cross-site scripting (XSS), which occurs when an attacker manipulates the Name argument. Cross-site...

CVSS 4.8 | AI score 5.6 | EPSS 0.00202
Exploits: 0 | References: 9
ATTACKERKB
added 2026/05/08 12:0 a.m. | 9 views

CVE-2025-67888

An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

CVSS 7.3 | AI score 6.1 | EPSS 0.01186
Exploits: 3 | References: 4
CNNVD
added 2026/05/08 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the bin2hex parameter in the q54sj108a2debugfsread function, which leads to a stack buffer...

CVSS 7.8 | AI score 5.9 | EPSS 0.00143
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/08 12:0 a.m. | 10 views

CVE-2025-67888

An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

AI score 6.1 | EPSS 0.01186
Exploits: 3 | References: 2
Positive Technologies
added 2026/05/08 12:0 a.m. | 15 views

PT-2026-38653

Name of the Vulnerable Software and Affected Versions: SourceCodester SUP Online Shopping version 1.0. Description: An issue exists in the file '/admin/message.php' where the manipulation of the seenid argument allows for SQL injection, a technique used to interfere with the queries that an...

CVSS 7.5 | AI score 7 | EPSS 0.00254
Exploits: 0 | References: 7
CNNVD
added 2026/05/08 12:0 a.m. | 10 views

SourceCodester SUP Online Shopping injection vulnerability

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 1
CNNVD
added 2026/05/08 12:0 a.m. | 9 views

SourceCodester SUP Online Shopping injection vulnerability

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability due to SQL injection caused by the param msg.php file’s msgid operation, which may lead to remote attacks...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 2
CNNVD
added 2026/05/08 12:0 a.m. | 8 views

xiaozhi-mcphub path traversal vulnerability

xiaozhi-mcphub is an MCP tool bridge and multi-endpoint management tool adapted to the Xiaozhi AI platform by individual developer Junsen Huang. A path traversal vulnerability exists in xiaozhi-mcphub 1.0.3 and earlier versions, which originates from the operation of the parameter manifest.name in th...

CVSS 6.5 | AI score 6.6 | EPSS 0.00283
Exploits: 0 | References: 1
CNNVD
added 2026/05/08 12:0 a.m. | 7 views

Electerm parameter injection vulnerability

Electerm is an Electron-based SSH/SFTP client developed by ZXDong262 from China. Electerm 3.8.15 and earlier versions have a parameter injection vulnerability. It arises because the terminal hyperlink processor does not validate the protocol of URLs. Thi...

CVSS 9.6 | AI score 6.4 | EPSS 0.00394
Exploits: 0 | References: 1
Cvelist
added 2026/05/08 12:0 a.m. | 37 views

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

EPSS 0.00241
Exploits: 1 | References: 1
CVE
added 2026/05/07 11:45 p.m. | 18 views

CVE-2026-8117

CVE-2026-8117 concerns SourceCodester Pizzafy Ecommerce System 1.0. The issue arises from vulnerable handling of the argument in /admin/index.php, allowing cross-site scripting (XSS) via manipulated input. The attack can be carried out remotely and the exploit has been publicly disclosed. The co...

CVSS 5.3 | AI score 4.2 | EPSS 0.00269
Exploits: 0 | References: 5
NVD
added 2026/05/07 10:16 p.m. | 14 views

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVSS 6.1 | EPSS 0.00198
Exploits: 0 | References: 4
EUVD
added 2026/05/07 9:30 p.m. | 9 views

EUVD-2026-28443

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 6
EUVD
added 2026/05/07 9:30 p.m. | 20 views

EUVD-2026-28425

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 5
Cvelist
added 2026/05/07 9:18 p.m. | 42 views

CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

CVSS 5.9 | EPSS 0.00164
Exploits: 0 | References: 2