321 matches found
CVE-2024-36673
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries...
CVE-2025-24966
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...
CVE-2022-21643
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...
CVE-2022-36100
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
CVE-2024-57329
HortusFox v3.9 is affected by a stored XSS in the Add Plant function. The name field does not sanitize/escape input, enabling injection and execution of arbitrary JavaScript payloads. Several connected sources confirm the vulnerability as a stored XSS (CVE-2024-57329) and note a temporary workaro...
CVE-2024-57886 mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damontarget objects leaks on damoncommittargets Patch series "mm/damon/core: fix memory leaks and ignored inputs from damoncommitctx". Due to two bugs in damoncommittargets and damoncommitschemes, which are...
CVE-2025-23030 Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the cadastrofuncionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...
CVE-2025-23031 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionaralergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...
CVE-2024-11759
CVE-2024-11759 (Bukza) is a WordPress plugin vulnerability: the Bukza shortcode in versions up to and including 2.0.0 is affected by a stored cross-site scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes. This allows an authenticated attacker wi...
SQL Injection
github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...
Cross-Site Scripting (XSS)
github.com/mudler/localai is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation and inadequate sanitization of user inputs when passing parameters to the delete model API, allows malicious scripts to be stored and executed in the application...
Node.js: Improper error handling in async cryptographic operations crashes process
The C++ method SignTraits::DeriveBits incorrectly called ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process...
GHSA-762G-9P7F-MRWW Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...
CVE-2024-46872
Mattermost versions 9.10.x ≤ 9.10.2, 9.11.x ≤ 9.11.1, 9.5.x ≤ 9.5.9 expose a frontend input sanitization flaw used for redirection, enabling a one-click client-side path traversal that leads to CSRF in Playbooks. Root cause: improper sanitization in frontend redirection logic. Impact: CSRF in Pla...
CVE-2024-46872 Client-Side Path Traversal Leading to CSRF in Playbooks
Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...
CVE-2024-46872 Client-Side Path Traversal Leading to CSRF in Playbooks
Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...
CVE-2024-48509
Learning with Texts LWT 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...
CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering
RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...
CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering
RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...
CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering
RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...