CVE Vulnerabilities

A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipula...

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed ...

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the argu...

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a m...

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manip...

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argume...

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-s...

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to...

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Mode...

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulatio...

A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipu...

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler....

A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name1...

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the compon...

A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql inje...

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java o...

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to b...

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.p...

A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to in...

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the c...

A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead ...

A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler....

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The...

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Pe...

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7...

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Exe...

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing...

A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component...

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injectio...

HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by expl...

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument ...

A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection...

A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possi...

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files...

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the compo...

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that e...

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of th...

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component End...

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect ho...

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper...

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation o...

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affect...

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulatin...

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access contr...

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Throu...

A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selectedit...

Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translatio...

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implement...