14 matches found
EUVD-2026-8584
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...
CVE-2023-40955
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...
school-management-system SQL Injection Vulnerability
school-management-system is a PHP school management system for schools or small organizations developed by Shubham kumar, an individual developer. A SQL injection vulnerability exists in school-management-system version 1.0, which stems from incorrect manipulation of the parameter select in the...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
CmsEasy Path Traversal Vulnerability
CmsEasy is a content management system (CMS) for creating responsive websites from China's CmsEasy company. A path traversal vulnerability exists in CmsEasy version 7.7.7.9, which stems from a path traversal caused by the parameter select in...
PT-2024-27150 · Oneflow · Oneflow
Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index select parameter. Recommendations: For Oneflow version 0.9.1, as a temporary workaround,...
CVE-2023-40955
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...
Didotech srl Engineering & Lifecycle Management SQL Injection Vulnerability
Didotech srl Engineering & Lifecycle Management is a suite of open source commercial applications from Didotech srl. A security vulnerability exists in Didotech srl Engineering & Lifecycle Management (aka pdm) versions prior to 14.0.1.0.0, prior to 15.0.1.0.0, and prior to 16.0.1.0, which originate...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
PT-2022-17937
Name of the Vulnerable Software and Affected Versions: Maccms version 10 Description: The issue is related to multiple reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the select and input parameters...
Cisco EPC3928 Denial of Service Vulnerability
Cisco EPC3928 is a wireless router product from Cisco USA. A security vulnerability exists in goform/Docsissystem on the Cisco EPC3928. A remote attacker can exploit this vulnerability to cause a denial of service (device crash) with the help of a long 'LanguageSelect' parameter...
CVE-2011-0265
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long dataselect1 parameter...
PT-2010-4293 · Zabbix · Zabbix
Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 1.8.3rc1 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific...
Unfixed XSS vulnerability at www.draugi.lv
Security researcher loxaXcracker has submitted on 16/08/2008 a cross-site scripting (XSS) vulnerability affecting www.draugi.lv, which at the time of submission ranked 3001016 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2008. It is...