TOTOLINK NR1800X Buffer Error Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data service deployment for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a buffer error vulnerability. This...
Code-Projects Gym Management System Injection Vulnerability
Code-Projects Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Gym Management System has a vulnerability related to SQL injection, which arises from incorrect handling of parameters in the file admin/editexercises.php,...
PT-2026-36485
Name of the Vulnerable Software and Affected Versions: V2Board versions prior to 1.7.5. Description: The server authentication token is accepted via a GET parameter in the app/Http/Controllers/Server/UniProxyController.php file. This causes the token to be exposed in URLs, such as the endpoint...
PT-2026-36297
Name of the Vulnerable Software and Affected Versions: SourceCodester Pharmacy Sales and Inventory System version 1.0. Description: An issue exists in the '/ajax.php?action=save customer' endpoint where manipulation of the ID argument allows for SQL injection, a technique used to interfere with the...
PT-2026-36302
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used...
SourceCodester Pharmacy Sales and Inventory System Injection Vulnerability
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...
Apex LiveBOS Path Traversal Vulnerability
Apex LiveBOS is a rapid development tool developed by the Chinese company Apex. Apex LiveBOS versions 2.0 and earlier have a path traversal vulnerability. This vulnerability stems from unknown functions in the Endpoint component file /feed/UploadImage.do, which allow manipulation of the...
CVE-2026-37504
Sensitive servertoken exposed via GET parameter in V2Board through 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...
CVE-2025-69606
A Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...
EUVD-2025-209607
A Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...
PT-2026-36294
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279 B20210910. This affects the function sub 41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now publ...
Solutions VoIP GSVoIP web panel Cross-Site Scripting Vulnerability
Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly sanitized user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...
EUVD-2026-26668
Sensitive servertoken exposed via GET parameter in V2Board through 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...
Coding Standards MCP Server Path Traversal Vulnerability
Coding Standards MCP Server is a coding specifications and best practices query tool for gerve individual developers. A path traversal vulnerability exists in Coding Standards MCP Server, which stems from a misbehavior of the getstyleguide/getbestpractices function with the parameter Language in...
PT-2026-36261
Name of the Vulnerable Software and Affected Versions: Fujian Apex LiveBOS versions prior to 2.1. Description: A path traversal issue exists in the Endpoint component. A remote attacker can manipulate the filename argument in the '/feed/UploadImage.do' endpoint to access or overwrite files outside t...
Mix PHP SQL Injection Vulnerability
Mix PHP is an open-source PHP command-line-mode development framework that supports seamless switching between multiple server ecosystems. A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the data array parameter of th...
itsourcecode Courier Management System Injection Vulnerability
itsourcecode Courier Management System is an open-source courier management system from itsourcecode. Version 1.0 of itsourcecode Courier Management System has an injection vulnerability, which stems from improper handling of the parameter ID in an unknown function of the file /editstaff.php,...
MCP Asset Generation Server Path Traversal Vulnerability
MCP Asset Generation Server is a multi-type asset generation server for game development by the individual developer Suyog Sonwalkar. A path traversal vulnerability exists in MCP Asset Generation Server version 0.1.0, which stems from improper manipulation of the parameter statusFile in the...
EUVD-2026-26456
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...