ROS-20260324-73-0030
A vulnerability in the pnvphp component of the Linux operating system is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
CVE-2025-69768
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...
CVE-2025-63526
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...
PT-2025-48456
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
EUVD-2021-15731
Malware in sbrugna...
EUVD-2009-2396
Malware in sbrugna...
Car Rental Project Session Hijacking Vulnerability
Car Rental Project is a car rental program. Car Rental Project suffers from a session hijacking vulnerability that stems from the /carrental/update-password.php component not properly terminating a session. No details of the vulnerability are provided at this time...
CVE-2024-22638
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/editdesignerregion.php or /livesite/addemailcampaign.php...
CVE-2023-42331
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manageuploads.php component...
CVE-2023-26817
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaureact.php...
CVE-2025-44073
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admincommentnews.php...
CVE-2025-44072
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component adminmanager.php...
Linux Distros Unpatched Vulnerability : CVE-2019-9640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn...
CVE-2024-46532
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...
CVE-2024-44817
SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component...
PT-2023-8870 · Unknown · Ce Phoenix
Name of the Vulnerable Software and Affected Versions: CE Phoenix versions 1.0.8.20 and earlier
Description: The issue is related to insufficient neutralization of special symbols in the english.php component, allowing a remote attacker to execute arbitrary code, escalate privileges, and obtain...