1228 matches found
PremSQL 代码注入漏洞
PremSQL is an AI data analysis tool library for translating localized text into SQL, developed by Prem Open Source. Versions of PremSQL 0.2.1 and earlier contained a code injection vulnerability, which was caused by incorrect handling of the result parameter, potentially leading to code injection...
CVE-2021-27124
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...
OESA-2026-1727 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...
OESA-2026-1726 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...
OESA-2026-1725 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...
OESA-2026-1724 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...
CVE-2026-33729
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
CVE-2026-3983
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument gamename results in cross site scripting. The attack may be performed from remote. The exploit...
CVE-2026-3982
A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit h...
CVE-2026-3984
A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file saveupathlete.php. This manipulation of the argument aname causes cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
CVE-2019-25602
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an...
GHSA-64HM-GFWQ-JPPW Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Summary The Allure report generator is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json, -container.json, or .plist that points an attachment source to a sensitive file on the host system. During repor...
CVE-2026-4356
A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /addresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used...
EUVD-2026-12706
A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /addresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2026-4356
Affects itsourcecode University Management System 1.0. The vulnerability is in an unknown function of the file /add_result.php; manipulating the vr argument enables cross-site scripting. The attack can be conducted remotely and, per the sources, exploits have been published and may be used. No re...
PT-2026-26001
A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used...
EUVD-2026-12249
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
phpIPAM SQL注入漏洞
phpIPAM is an open-source IP address management application IPAM based on PHP and MySQL. Versions of phpipam 1.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file app/admin/sections/edit-result.php, specifically the...