| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. |
| A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. |
| LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. |
| ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. |
| GDidees CMS <= v3.9.1 has a file upload vulnerability. |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. |
| Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. |
| Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. |
