21 matches found

Vulnrichment
added 2026/04/29 7:15 p.m. | 2 views

CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...

CVSS: 5.3 | AI score: 3.7 | EPSS: 0.00039
Exploits: 0 | References: 5

CVE
added 2026/02/19 12:2 a.m. | 13 views

CVE-2026-2686

CVE-2026-2686 affects SECCN Dingcheng G10 3.1.0.181203. The vulnerability is in the function qq of the file /cgi-bin/session_login.cgi, where manipulating the User parameter leads to remote OS command injection. Public PoC/exploit details exist; exploitation is possible remotely and has been disc...

CVSS: 10 | AI score: 5.4 | EPSS: 0.00056
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0778

Malware in sbrugna...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00429
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-24701

Malware in sbrugna...

CVSS: 9.3 | AI score: 8.5 | EPSS: 0.05306
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-1192

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.00806
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-18262

Malware in sbrugna...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00235
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-7630

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00403
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 12 views

EUVD-2018-0413

Malware in sbrugna...

CVSS: 10 | AI score: 9.3 | EPSS: 0.02489
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-23366

Malicious code in bioql PyPI...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00327
Exploits: 1 | References: 2

Hacker One
added 2025/06/06 11:16 a.m. | 197 views

Lichess: Path Traversal Vulnerability in Lila Project

A path traversal vulnerability was discovered in the Lila project that allowed an attacker to access arbitrary files on the server by manipulating user-supplied input to traverse outside the intended directory structure...

AI score: 7.1
Exploits: 0

RedhatCVE
added 2025/05/23 7:34 a.m. | 3 views

CVE-2024-13039

A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adduser.php. The manipulation of the argument name/email/password/number leads to sql injection. The attack may be launched remotely...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00073
Exploits: 1 | References: 1

Veracode
added 2025/04/09 4:27 a.m. | 5 views

Path Traversal

org.noear:solon-view is vulnerable to path traversal. The vulnerability is due to insufficient validation of user input in the rendermav function, which allows the manipulation of the template argument to perform path traversal...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.005
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2024/03/22 4:57 p.m. | 26 views

Cache Poisoning Vulnerability

Summary: An attacker controlling the second variable of the translate function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users.

Details: The opt.id parameter allows the overwriting of the cache key. If an attacker sets the id...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00996
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2023/01/03 6:12 p.m. | 27 views

CVE-2022-45143 Apache Tomcat: JsonErrorReportValve escaping

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

AI score: 7.7 | EPSS: 0.00889
Exploits: 0 | References: 2

Vulnrichment
added 2022/09/28 7:32 p.m. | 10 views

CVE-2022-3215

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...

AI score: 7.6 | EPSS: 0.00246
Exploits: 0 | References: 1

Redos
added 2021/09/08 12:0 a.m. | 7 views

ROS-2-1572

2.1572 Multiple Exim Server Vulnerabilities. 1. Vulnerability description: CVE-2020-28007: A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.65912
Exploits: 6

NVD
added 2020/05/06 5:15 p.m. | 8 views

CVE-2020-3313

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validatio...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00133
Exploits: 0 | References: 1

Cvelist
added 2019/11/06 12:3 a.m. | 11 views

CVE-2019-8157

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate a downloadable link and cause an invocation of error handling that accesses user input without sanitization...

AI score: 5.4 | EPSS: 0.00148
Exploits: 0 | References: 1

Typo3
added 2018/07/12 12:0 a.m. | 29 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files (formerly known as "PHP archives") can act as self-extracting archives, which means that source code is executed when Phar files are invoked. The Phar file format is not limited to being stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

AI score: 6.8
Exploits: 0 | Affected Software: 1

securityvulns
added 2014/05/05 12:0 a.m. | 137 views

[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13

Title: SQL injection in InterWorx Control Panel
Product: InterWorx Web Control Panel
Vendor: InterWorx LLC
Tested Version: 5.0.13 build 574
Vulnerability Type: SQL Injection CWE-89
CVE Reference: CVE-2014-2531
Solution Status: Fixed in Version...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.01449
Exploits: 6