CVE-2025-4326

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclose...

CVE-2025-4292

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be...

CVE-2025-4248 SourceCodester Simple To-Do List System complete_task.php sql injection

A vulnerability has been found in SourceCodester Simple To-Do List System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /completetask.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

CVE-2025-2917

A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-2638

CVE-2025-2638 affects JIZHICMS up to v1.7.0. The vulnerability resides in the Article Handler’s /user/release.html endpoint, where manipulating the ishot argument (e.g., input 1) leads to improper authorization. Exploitation can be performed remotely, and public disclosures exist. Multiple connec...

CVE-2025-2419 code-projects Real Estate Property Management System InsertFeedback.php sql injection

A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It is possible to...

CVE-2025-2061 code-projects Online Ticket Reservation System passenger.php cross site scripting

A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-2057 PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2024-10991

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploi...

CVE-2025-0487

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/catedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2024-10135 ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...

CVE-2024-9787 Contemporary Control System BASrouter BACnet BASRT-B UDP Packet denial of service

A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit...

CVE-2024-9569

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely...

CVE-2024-1262 Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument picurl leads to unrestricted...

Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

Cisco Smart Software Manager On-Prem SSM On-Prem is a Cisco component for Cisco product license management. Cisco Smart Software Manager On-Prem SSM On-Prem suffers from a SQL injection vulnerability that originates from the web-based management interface not adequately validating user input. An...

CVE-2010-10001 Shemes GrabIt NZB Date Parser denial of service

A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the...

Design/Logic Flaw

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

Ember.js Cross-Site Scripting Vulnerability

Tilde Ember.js is the United States Tilde company's set of JavaScript framework for creating Web applications . A cross-site scripting vulnerability exists in Ember.js. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

BigAnt IM Server DDNF username Field Remote Overflow

Added: 04/22/2013 BID: 58998 OSVDB: 92239 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt IM Server is vulnerable to buffer overflow in the expsrv.dll library as a result of improper validation of...

vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing

source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. Remote attackers may potentially exploit th...