🚨 CVE-2021-27129
CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.
@cveNotify
packetstorm.news
Packet Storm
🚨 CVE-2023-36375
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
Medium
[CVE-2023-36375] XSS ON HOSTEL MANAGEMENT SYSTEM.
Discovered by: Ridhesh Gohil
🚨 CVE-2023-41537
phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
GitHub
CVE-nu11secur1ty/vendors/phpjabbers/2023/Business-Directory-Script-Version-3.2 at main · nu11secur1ty/CVE-nu11secur1ty
🚨 CVE-2024-33485
SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component.
GitHub
SourceCodester CASAP Automated Enrollment System using PHP/MySQLi with Source Code login.php SQL injection · Issue #17 · CveSecLook/cve
🚨 CVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges.
🚨 CVE-2025-12942
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution. This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2025-30398
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
🚨 CVE-2025-47179
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59240
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🚨 CVE-2025-59499
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
🚨 CVE-2025-59504
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
🚨 CVE-2025-59505
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59509
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
🚨 CVE-2025-59510
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
🚨 CVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59512
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-59513
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
🚨 CVE-2018-11544
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
Pastebin
CVE-2018-11544 - Pastebin.com