
235 matches found

RedhatCVE
added 2025/05/22 3:36 p.m. · 6 views

CVE-2020-3994

VMware vCenter Server 6.7 before 6.7u3, 6.6 before 6.5u3k contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repositor...

CVSS 7.4 · AI score 6.8 · EPSS 0.00638
Exploits: 0

Positive Technologies
added 2025/05/18 12:0 a.m. · 3 views

PT-2025-21824 · Totolink · Totolink N300Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390 B20191101 Description: A critical issue affects the function CloudACMunualUpdateUserdata of the file "/cgi-bin/cstecgi.cgi". The manipulation of the url argument leads to command injection. This issue can be...

CVSS 9.8 · AI score 6.6 · EPSS 0.01638
Exploits: 0 · References: 12

BDU FSTEC
added 2025/04/14 12:0 a.m. · 2 views

The vulnerability of the NFSD component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the NFSD component in the Linux operating system’s kernel is related to the assignment of the NULL pointer in the function nfsd4_process_cb_update. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.6 · EPSS 0.00243
Exploits: 0 · References: 19 · Affected Software: 8

Vulnrichment
added 2025/03/15 5:0 p.m. · 8 views

CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...

CVSS 5.3 · AI score 4.6 · EPSS 0.00427
Exploits: 1 · References: 4

CVE
added 2025/01/29 11:14 a.m. · 62 views

CVE-2024-41140

CVE-2024-41140 affects Zohocorp ManageEngine Applications Manager versions 174000 and prior, with an incorrect authorization in the update user function. Public documentation from NVD and Red Hat confirms impact to confidentiality and integrity (high), with network attack vector, low attack compl...

CVSS 8.1 · AI score 6.9 · EPSS 0.00859
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/01/29 12:0 a.m. · 3 views

PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Applications Manager versions 174000 and prior Description: The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated numbe...

CVSS 8.1 · AI score 7 · EPSS 0.00859
Exploits: 0 · References: 6

OSV
added 2025/01/08 11:15 p.m. · 2 views

CVE-2024-13192

A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 5.4 · AI score 4 · EPSS 0.00393
Exploits: 1 · References: 5

Positive Technologies
added 2025/01/08 12:0 a.m. · 3 views

PT-2025-2050 · Unknown · Zerowdd Myblog

Name of the Vulnerable Software and Affected Versions: ZeroWdd myblog version 1.0 Description: A problem has been detected in the update function of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. This issue leads to cross site scripting attacks, which can be launched...

CVSS 5.4 · AI score 3.6 · EPSS 0.00393
Exploits: 1 · References: 10

BDU FSTEC
added 2025/01/04 12:0 a.m. · 3 views

The vulnerability of the fln_update() function in the _all_edits.php (/_parse/_all_edits.php) script of the Job Recruitment system allows a perpetrator to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the fln_update function in the _all_edits.php (/_parse/_all_edits.php) script of the personnel recruitment system is related to the failure to take measures to neutralize special elements when processing the parameters fname and lname. Exploiting this vulnerability can allow an intruder to gain...

CVSS 7.5 · AI score 7.6 · EPSS 0.00599
Exploits: 1 · References: 6 · Affected Software: 1

BDU FSTEC
added 2025/01/04 12:0 a.m. · 4 views

The vulnerability of the cn_update() function in the _all_edits.php script (/_parse/_all_edits.php) of the Job Recruitment system allows a perpetrator to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the cn_update function in the _all_edits.php (/_parse/_all_edits.php) script of the personnel recruitment system is related to the failure to take measures to neutralize special elements when processing parameters urle and cname. Exploiting this vulnerability can allow an attacker, operating...

CVSS 7.5 · AI score 7.6 · EPSS 0.00599
Exploits: 1 · References: 6 · Affected Software: 1

OSV
added 2024/12/27 5:15 a.m. · 3 views

CVE-2024-12980

A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 6.1 · AI score 3.8 · EPSS 0.00497
Exploits: 1 · References: 5

OSV
added 2024/12/26 9:15 p.m. · 2 views

CVE-2024-12966

A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname/url leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 5.8 · EPSS 0.00599
Exploits: 1 · References: 5

CNNVD
added 2024/12/26 12:0 a.m. · 2 views

Code-Projects Job Recruitment injection vulnerability

Code-Projects Job Recruitment is an open-source job portal from Code-Projects. Code-Projects Job Recruitment version 1.0 suffers from an injection vulnerability, which originates from the parameter fname/lname in the fln_update function of the file /_parse/_all_edits.php, which can lead to SQL injection...

CVSS 9.8 · AI score 7.9 · EPSS 0.00599
Exploits: 1 · References: 5

Positive Technologies
added 2024/12/26 12:0 a.m. · 2 views

PT-2024-9923 · Unknown · Job Recruitment

Name of the Vulnerable Software and Affected Versions: Job Recruitment version 1.0 Description: A critical vulnerability has been found in the function fln_update of the file /_parse/_all_edits.php. The issue is related to the lack of neutralization of special elements when processing the...

CVSS 9.8 · AI score 8.1 · EPSS 0.00599
Exploits: 1 · References: 13

Positive Technologies
added 2024/12/26 12:0 a.m. · 2 views

PT-2024-9925 · Unknown · Code-Projects Job Recruitment

Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical issue affects the cn_update function of the file /_parse/_all_edits.php. The manipulation of the cname and url arguments leads to SQL injection. The attack may be initiated...

CVSS 9.8 · AI score 8.1 · EPSS 0.00599
Exploits: 1 · References: 12

Positive Technologies
added 2024/12/12 12:0 a.m. · 2 views

PT-2024-17517 · Orbisius · Orbisius-Child-Theme-Creator

Name of the Vulnerable Software and Affected Versions: Child Theme Creator by Orbisius plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to unauthorized modification of data due to a missing capability check on the cloud delete and cloud update functions...

CVSS 4.3 · AI score 7 · EPSS 0.00333
Exploits: 0 · References: 6

OSV
added 2024/12/09 1:15 a.m. · 1 views

CVE-2024-12350

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

CVSS 8.8 · AI score 5.6 · EPSS 0.03566
Exploits: 1 · References: 4

Positive Technologies
added 2024/12/08 12:0 a.m. · 2 views

PT-2024-17560 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 1.0 Description: The issue is related to incorrect code generation management in the Template Handler component of the JFinalCMS system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The...

CVSS 8.8 · AI score 8.4 · EPSS 0.03566
Exploits: 1 · References: 9

OSV
added 2024/10/31 7:15 p.m. · 3 views

CVE-2024-50801

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/collections.php. The vulnerability is exploitable via the id parameter...

CVSS 6 · AI score 8.1 · EPSS 0.0036
Exploits: 2 · References: 2

OSV
added 2024/10/31 7:15 p.m. · 4 views

CVE-2024-50802

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/emailtemplates.php. The vulnerability is exploitable via the id parameter...

CVSS 6 · AI score 8.1 · EPSS 0.0036
Exploits: 2 · References: 2