20 matches found
CVE-2026-7401
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...
CDAC e-Sushrut Security Vulnerability
CDAC e-Sushrut is a system platform provided by the Indian CDAC company that facilitates hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut, which stems from improper authorization checks during resource access. This vulnerability coul...
CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
PT-2025-53804
Name of the Vulnerable Software and Affected Versions: Refugee Food Management System version 1.0. Description: A weakness exists in Refugee Food Management System 1.0. The issue is related to the manipulation of the argument a/b/c/d in the file '/home/editfood.php', which can lead to SQL injection...
CVE-2025-14705
CVE-2025-14705 affects Shiguangwu sgwbox N3 2.0.25. A vulnerability in the SHARESERVER feature (unknown function) allows manipulation of argument params leading to command injection. The issue is exploitable remotely, with public disclosures indicating potential use. Multiple feeds (NVD, Red Hat,...
Rising Technosoft CAP back office application Security Vulnerability
Rising Technosoft CAP back office application is a back office application from Rising Technosoft India. A security vulnerability exists in the Rising Technosoft CAP back office application that stems from improper authentication checks in the API endpoint, allowing an unauthenticated, remote...
CVE-2024-10023
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/addnewmedicine.php. The manipulation of the argument name/packing/genericname/suppliersname leads to SQL injection. The attack can be initiate...
D-Link DIR-600 OS Command Injection Vulnerability
The D-Link DIR-600 is a wireless router from China's AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR-600 version 2.18 and earlier, which stems from the fact that manipulation of service parameters can lead to OS command injection. No details of the...
CVE-2024-28320
CVE-2024-28320 affects Hospital Management System version 1.0. The vulnerability is an Insecure Direct Object Reference (IDOR) in the /patient/edit-user.php endpoint, enabling an attacker to manipulate user parameters to gain unauthorized access and perform modifications. The NVD entry lists CVSS...
Cisco IOS XR Software iPXE Boot Signature Bypass (cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to...
CVE-2023-20236
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...
CVE-2023-20236
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...
Carlisting 1.6 Cross Site Scripting
Exploit Title: Carlisting 1.6 - Reflected XSS; Exploit Author: CraCkEr; Date: 16/07/2023; Vendor: phpscriptpoint; Vendor Homepage: https://phpscriptpoint.com/; Software Link: https://demo.phpscriptpoint.com/carlisting/; Tested on: Windows 10 Pro; Impact: Manipulate the content of the site; Description: Th...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation due to improper handling of unspecified characters in variable names. An attacker can exploit this vulnerability to manipulate or contaminate HTTP parameters by sending crafted requests with malicious variable...
Chaturbate: Account Takeover via billing
The hacker found that when subscribing to a fanclub the parameters could be manipulated to purchase a fanclub subscription for another user. This will set the email of the target account if they had no email on file. This could then be used to reset the password for the target user. The purchasin...
Security Bulletin: TADDM - BIRT viewer allow bypass authorization
Summary: TADDM fails to properly check for authorization when allowing a user to view BIRT reports. It is possible to bypass authorization in the application via parameters manipulation in the BIRT reporting URL. Vulnerability Details: CVE-2013-2974 BIRT viewer allow bypass authorization Descriptio...
Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5849/info A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations. Reportedly, Py-Membres does not fully check some URI parameters...
PVote 1.0/1.5 Poll Content Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible for a remote attacker to add/delete web polls just by...
Apache Struts Remote Command Execution (CVE-2013-2251)
A remote command execution vulnerability has been reported in Apache Struts. The vulnerability is due to a design flaw which allows attackers to manipulate parameters prefixed with action: redirect: redirectAction:...
Avahi privilege escalation
Insufficient validation of Netlink parameters allows manipulation of server parameters...