Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9...

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_post...

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/queryde...

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-i...

SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.

SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulat...

**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulner...

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to ...

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to ...

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This ...

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administra...

OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation...

wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c.

A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title l...

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of th...

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the...

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argume...

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.