17 matches found
PHPGurukul News Portal Project SQL Injection Vulnerability
PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file/news-details.php, which may lead to SQL injection...
CVE-2025-50664
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...
MiracleLinux 8 : kernel-4.18.0-348.12.2.el8_5 (AXSA:2022-3013:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3013:03 advisory. kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155); kernel: fscontext: heap overflow in legacy parameter handling...
kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback. Commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions,...
EUVD-2021-32243
Malicious code in bioql PyPI...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for the machine learning lifecycle. Mlflow suffers from a path traversal vulnerability that stems from improper handling of URL parameters. An attacker can use this vulnerability to gain access to a file or directory...
LSN-0102-1: Kernel Live Patch Security Notice
It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1872) Lonial Con discovered that the...
ZTE MC801A Command Injection Vulnerability
The ZTE MC801A is a 5G indoor WiFi router from China's ZTE. The ZTE MC801A suffers from an input validation vulnerability in the handling of multiple network parameters, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...
PT-2023-22140 · Samsung · Exynos Modem 5123 +3
Name of the Vulnerable Software and Affected Versions: Exynos Mobile Processor and Modem versions for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080 Description: An issue was discovered due to improper handling of parameters while binding a network interface, which can cause...
CVE-2020-12931
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...
CVE-2020-12930
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...
CVE-2020-12931
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity...
OpenWrt Cross-Site Scripting Vulnerability
OpenWrt, a Linux operating system for embedded devices, has a cross-site scripting vulnerability in version 21.02.1, which stems from the lack of effective filtering and escaping of user-submitted parameters in the NAT Rules Name screen. No detailed vulnerability details are...
Micro Focus NetIQ Access Manager Cross-Site Scripting Vulnerability
Micro Focus NetIQ Access Manager is a resource access control solution from Micro Focus UK. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A cross-site scripting vulnerability exists in the handling of ESP login parameters in...
CVE-2012-2596
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack...
tomcat: large number of parameters DoS
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability...
Design/Logic Flaw
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability...