CVE Vulnerabilities

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnera...

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrat...

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass ...

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux....

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the...

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username...

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper...

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property...

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing ...

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to co...

Open edX Platform enables the authoring and delivery of online learning at any scale. he view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() wit...

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize() allows <style> elements in SVG content but never inspects their text content. CSS url() refer...

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipula...

A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipu...

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administra...

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The a...

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper...

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes...

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGu...

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulner...

A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/co...

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument m...

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads...

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. Thi...

DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied optio...

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path tra...

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is d...

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filena...

A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescript...

A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername cau...

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due...

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversa...

UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redactio...

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient...

A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This...

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administra...

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handle...

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by Cl...

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper...

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of ...

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS...

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can ex...

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validatin...

Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alp...

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is a...