In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSyste...

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSyste...

TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to ex...

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a b...

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the fi...

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characte...

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters recei...

A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the arg...

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the charact...

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters...

iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that...

A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/con...

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with py...