88727 matches found
CVE-2026-0568
The CVE affects code-projects Online Music Site 1.0, specifically the /Frontend/ViewSongs.php file where manipulation of the ID parameter enables SQL injection. This allows remote exploitation, and an exploit has been published. Root cause is unsanitized/incorrect handling of the ID argument in a...
CVE-2025-53414
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-15438
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...
CVE-2025-52864 QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-44013 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...
CVE-2026-0565 code-projects Content Management System delete.php sql injection
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available...
CVE-2026-0547
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...
CVE-2025-15431
UTT 512W firmware 1.7.7-171114 is affected by a buffer overflow in strcpy used by /goform/formFtpServerDirConfig; manipulating the filename argument can trigger overflow and allows remote exploitation. Public exploit exists; vendor did not respond to disclosure. Connected documents confirm the af...
CVE-2025-15428
A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public an...
CVE-2025-15428
CVE-2025-15428 affects UTT 512W router (version 1.7.7-171114). The vulnerability is a buffer overflow in the strcpy usage of the /goform/formRemoteControl implementation, triggered by manipulating the Profile argument. This leads to a potential remote attack with a publicly available exploit. Mul...
CVE-2025-15427
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The research...
CVE-2025-15426
CVE-2025-15426 affects jackying H-ui.admin up to version 3.1. A flaw in the library file /lib/webuploader/0.1.5/server/preview.php allows unrestricted file uploads via a remotely exploitable path. Public PoC exists; vendor reportedly unresponsive. Impact is described as remote arbitrary file uplo...
CVE-2025-15420
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agentworkreport.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The...
PT-2026-1047
Name of the Vulnerable Software and Affected Versions UTT 进取 512W version 1.7.7-171114 Description A flaw exists in the strcpy function within the /goform/formRemoteControl file. Manipulation of the Profile argument can lead to a buffer overflow, allowing for remote attacks. The exploit for this...
PT-2026-1059
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the Report argument within the file /worksheet/work edit.jsp. This allows for remote attacks. The exploit details have been publicly...
EUVD-2026-0008
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available a...
EUVD-2026-0017
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...
CVE-2025-15405 PHPEMS cross-site request forgery
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...
CVE-2025-15404
A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /savefile.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclose...
PT-2026-26528
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.153 Description A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The Chromium...