CVE-2025-9439
A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/editfaculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is...
CVE-2024-46484
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component...
PT-2025-34765 · Unknown · N8N-Workflows
Name of the Vulnerable Software and Affected Versions: n8n-workflows affected versions not specified Description: The software contains a directory traversal flaw within the download workflow function located in the api server.py file. This allows attackers to potentially access and manipulate...
Linux Distros Unpatched Vulnerability : CVE-2025-24801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This...
CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
PT-2025-29839 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager. A Stored Cross-Site Scripting (XSS) vulnerability exists in the adicionar cor.php endpoint, allowing attackers to inject malicious scripts into the cor parameter...
CVE-2023-0707
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function deleterecord of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this...
CVE-2013-5761
Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration - Scripting...
DEBIAN-CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
UBUNTU-CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-23035 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_quadro_horario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...
PHPGurukul Boat Booking System Security Vulnerability
PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. A security vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from an Image Upload Mechanism parameter in change-image.php that allows a local attacker to upload malicious PHP scripts...
PT-2024-26230 · Unknown · Itsourcecode Payroll Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Payroll Management System version 1.0 Description: The issue allows an unauthenticated attacker to upload a malicious PHP file via the "save settings" page, which is intended for image uploads. This can lead to the execution of...
actidata actiNAS SL 2U-8 RDX Cross-Site Scripting Vulnerability
The actidata actiNAS SL 2U-8 RDX is a rackmount backup server from actidata. A cross-site scripting vulnerability exists in actidata actiNAS-SL-2U-8 version 3.2.03-SP1, which stems from a cross-site scripting vulnerability in nasSvr.php that allows remote attackers to inject arbitrary web script ...
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
SUSE CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via...
PT-2023-12417 · Unknown · Nethserver
Name of the Vulnerable Software and Affected Versions: NethServer phonenehome affected versions not specified Description: A critical issue affects the function get info/get country coor of the file server/index.php, leading to sql injection. Recommendations: Apply a patch to fix this issue. As a...
PT-2023-12413 · Unknown · 01-Scripts 01Acp
Name of the Vulnerable Software and Affected Versions: 01-Scripts 01ACP affected versions not specified Description: A problematic issue has been found in 01-Scripts 01ACP, affecting some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The...
CVE-2022-2102
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...