π¨ CVE-2024-4654
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499.
π@cveNotify
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499.
π@cveNotify
GitHub
cve/sql2.md at main Β· Hefei-Coffee/cve
Contribute to Hefei-Coffee/cve development by creating an account on GitHub.
π¨ CVE-2024-34459
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
π@cveNotify
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
π@cveNotify
GitLab
[CVE-2024-34459] Heap buffer overflow with `xmllint --htmlout` (#720) Β· Issues Β· GNOME / libxml2 Β· GitLab
Organization Name: The OSLab of Peking University Tool and Version xmllint 2.12.6 Environment...
π¨ CVE-2025-4494
A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
A fatal error that can access the background without authorization Β· Issue #1 Β· JAdmin-JAVA/JAdmin
There are no login restrictionsοΌ The routes in the background can be accessed directly: Access the background to obtain super administrator privilegesοΌhttp://127.0.0.1:8999/admin Add users, view lo...
π¨ CVE-2025-4495
A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
A fatal error: There is an xss cross-site scripting vulnerability Β· Issue #2 Β· JAdmin-JAVA/JAdmin
Unauthorized XSS vulnerability POST /memoAjax/save HTTP/1.1 Host: IP:PORT Content-Length: 87 Connection: close id=469280819647000b01964707cd590001&value=<img+src="x"+onerror="...
π¨ CVE-2025-4819
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Ruoyi-v4.8.0 has an unauthorized offline vulnerability Β· Issue #4 Β· chujianxin0101/vuln
Vulnerability Author cds Vulnerability Description Ruoyi-v4.8.0 has an unauthorized offline vulnerability Vulnerability Type ultra vires Product Vendor https://gitee.com/y_project/RuoYi Affected Pr...
π¨ CVE-2025-5879
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
Arbitrary File Upload vulnerability in WukongCRM-9.0-JAVA allows leads to Stored Cross-Site Scripting via Β· Issue #7 Β· Aiyakami/CVEβ¦
Arbitrary File Upload vulnerability in WukongCRM-9.0-JAVA allows leads to Stored Cross-Site Scripting via NAME OF AFFECTED PRODUCT(S) WukongCRM Vendor Homepage https://github.com/WukongSoftware AFF...
π¨ CVE-2025-6106
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
WukongCRM v9.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/role/relatedUser. Β· Issue #2 Β· luokuang1/CVE
WukongCRM v9.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/role/relatedUser. NAME OF AFFECTED PRODUCT(S) WukongCRM Vendor Homepage https://github.com/WuKongOpenSource/Wuk...
π¨ CVE-2025-10384
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2025-23348
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
π@cveNotify
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
π@cveNotify
π¨ CVE-2025-23349
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
π@cveNotify
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
π@cveNotify
π¨ CVE-2025-23353
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
π@cveNotify
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
π@cveNotify
π¨ CVE-2025-23354
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
π@cveNotify
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
π@cveNotify
π¨ CVE-2025-11503
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
phpgurukul Beauty Parlour Management System Project V1.1 /admin/manage-services.php SQL injection Β· Issue #9 Β· f000x0/cve
NAME OF AFFECTED PRODUCT(S) Beauty Parlour Management System Vendor Homepage https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ AFFECTED AND/OR FIXED VERSION(S) submitter ...
π¨ CVE-2025-11505
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
phpgurukul Beauty Parlour Management System Project V1.1 /admin/new-appointment.php SQL injection Β· Issue #10 Β· f000x0/cve
NAME OF AFFECTED PRODUCT(S) Beauty Parlour Management System Vendor Homepage https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ AFFECTED AND/OR FIXED VERSION(S) submitter ...
π¨ CVE-2025-11508
A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
π₯1
π¨ CVE-2024-12687
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.
This issue affects PlexTrac: from 1.61.3 before 2.8.1.
π@cveNotify
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.
This issue affects PlexTrac: from 1.61.3 before 2.8.1.
π@cveNotify
Plextrac
Security Advisories | PlexTrac Documentation
π¨ CVE-2024-56378
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
π@cveNotify
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
π@cveNotify
GitLab
CMakeLists.txt Β· 30eada0d2bceb42c2d2a87361339063e0b9bea50 Β· poppler / poppler Β· GitLab
freedesktop.org GitLab login
π¨ CVE-2024-50660
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
π@cveNotify
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
π@cveNotify
Adportal
adportal.com - This website is for sale! - adportal Resources and Information.
This website is for sale! adportal.com is your first and best source for information about adportal. Here you will also find topics relating to issues of general interest. We hope you find what you are looking for!
π¨ CVE-2025-34172
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
π@cveNotify
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
π@cveNotify
GitHub
Validate haproxy stat areas. Fixes #16411 Β· pfsense/FreeBSD-ports@04d1328
FreeBSD ports tree with pfSense changes. Contribute to pfsense/FreeBSD-ports development by creating an account on GitHub.
π¨ CVE-2025-34174
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
π@cveNotify
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
π@cveNotify
GitHub
Status_Traffic_Totals input validation. Fixes #16413 Β· pfsense/FreeBSD-ports@9e412ed
FreeBSD ports tree with pfSense changes. Contribute to pfsense/FreeBSD-ports development by creating an account on GitHub.
π¨ CVE-2025-34175
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
π@cveNotify
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
π@cveNotify
GitHub
Suricata: Fix various validation and encoding issues. Fixes #16414 Β· pfsense/FreeBSD-ports@97852cc
- Fix handling of files/hashes on suricata_filecheck.php
- Ensure suricata_ip_reputation.php is checking the proper path to iprep files
- Encode various outputs on suricata_flow_stream.php and
su...
- Ensure suricata_ip_reputation.php is checking the proper path to iprep files
- Encode various outputs on suricata_flow_stream.php and
su...