16 matches found
CVE-2025-34302
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...
EUVD-2022-36687
Malicious code in bioql PyPI...
SRC-2025-0007 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
Code Injection
Overview: Affected versions of this package are vulnerable to Code Injection via the saveService function. If dynamic service registration is enabled (which it is not by default), a privileged attacker with access to the saveService interface and the ability to modify application.properties can...
CVE-2025-3984
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
Apereo CAS Injection Vulnerability
Apereo CAS is an open-source, web-based, multilingual enterprise single sign-on solution from Apereo. An injection vulnerability exists in Apereo CAS version 5.2.6, which originates from the file cas-5.2.6\webapp-mgmt\cas-management-webapp-...
CVE-2021-47566
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user(). To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically unplugged...
CVE-2023-3619
A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file Master.php?f=saveservice of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The...
AC Repair and Services System SQL Injection Vulnerability
AC Repair and Services System is an air conditioning repair and services system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in SourceCodester AC Repair and Services System version 1.0 due to some unknown processing in the Master.php?f=saveservice file in the componen...
CVE-2022-33644
Xbox Live Save Service Elevation of Privilege Vulnerability...
CVE-2022-33644
CVE-2022-33644 affects Xbox Live Save Service and is an Elevation of Privilege on Windows/Xbox components. Connected data confirms the vulnerability type (privilege escalation) and relates it to Windows/Xbox Live Save Service. Public exploits exist for this CVE, and remediation is provided by Mic...
CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability
...
Easy!Appointments 1.2.1 - Cross-Site Scripting
Easy!Appointments 1.2.1 - Cross-Site Scripting Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities Vendor: Alex Tselegidis Product web page: http://www.easyappointments.org Affected version: 1.2.1 Summary: Easy!Appointments is a highly customizable web application that allows your...