Lucene search
+L

103 matches found

Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36535

Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 4.0 Description: A SQL injection issue exists in PHPGurukul Small CRM version 4.0, specifically within the /profile.php file. The Name parameter is susceptible to manipulation, allowing for remote exploitation. Th...

9.8CVSS7.5AI score0.00384EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.4 views

SourceCodester Petshop Management System 代码问题漏洞

SourceCodester Petshop Management System is SourceCodester open source a pet store management system . A code issue vulnerability exists in SourceCodester Petshop Management System version 1.0, which stems from improper handling of parameters in the /admin/profile.php file, which can lead to...

7.2CVSS5.3AI score0.00427EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.5 views

PHPGurukul Time Table Generator System 安全漏洞

Time Table Generator System is a time table generator system. A cross-site scripting vulnerability exists in Time Table Generator System, which stems from the adminname parameter in the /admin/profile.php file not effectively filtering user input. No details of the vulnerability are available at...

5.4CVSS6.2AI score0.00241EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.9 views

PHPGurukul Employee Record Management System 注入漏洞

Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter EmpCode in the file /myprofile.php. An attacker...

9.8CVSS8.2AI score0.00412EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:49 a.m.4 views

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.10 views

CVE-2023-49912

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS8AI score0.01822EPSS
Exploits1References1
OSV
OSV
added 2025/05/01 7:15 a.m.3 views

CVE-2025-4153

A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The...

9.8CVSS6.8AI score0.00438EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.10 views

PT-2025-6192 · WordPress · Geodirectory – Wp Business Directory Plugin

Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions up to, and including, 2.8.97 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitizati...

6.4CVSS7.7AI score0.00426EPSS
Exploits0References6
OSV
OSV
added 2024/12/26 1:15 p.m.6 views

CVE-2024-12951

A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /addpersonaldetails.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The...

9.8CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.8 views

PT-2024-17823 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Portfolio Management System MCA. The issue is related to an unknown function of the file /add personal...

9.8CVSS7.2AI score0.00673EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/12/26 12:0 a.m.4 views

1000 Projects Portfolio Management System MCA 安全漏洞

1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. A security vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from an incorrect manipulation of the parameter profile that can lead to...

9.8CVSS6.4AI score0.00673EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/26 12:0 a.m.3 views

1000 Projects Portfolio Management System MCA 安全漏洞

1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. A security vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from an incorrect manipulation of the parameter profile that can lead to...

9.8CVSS6.4AI score0.00698EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2024/06/11 10:15 a.m.3 views

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.0031EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/06/11 5:46 a.m.4 views

Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/09 3:15 p.m.4 views

CVE-2023-49912

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

8.8CVSS7.9AI score
Exploits0References2
OSV
OSV
added 2024/04/09 3:15 p.m.4 views

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

8.8CVSS7.9AI score
Exploits0References2
OSV
OSV
added 2024/03/01 10:15 p.m.2 views

CVE-2024-27744

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component...

6.1CVSS6.1AI score0.01335EPSS
Exploits4References1
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.4 views

SourceCodester Employee Management System SQL Injection Vulnerability

SourceCodester Employee Management System is a php-based website builder for employee performance management from SourceCodester. A SQL injection vulnerability exists in SourceCodester Employee Management System version 1.0, which is caused by a sql injection vulnerability in the txtfullname...

7.2CVSS8.1AI score0.00589EPSS
Exploits1References4
OSV
OSV
added 2024/01/04 2:15 p.m.5 views

CVE-2023-50753

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.9AI score0.00672EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.6 views

Online Notice Board System SQL Injection Vulnerability

Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in the v1.0 version of Online Notice Board System, which occurs when the dd parameter of the user/updateprofile.php page is processed without filtering the data and sending it to the database for...

9.8CVSS7.9AI score0.00672EPSS
Exploits1References3
Rows per page
Query Builder