Newforma Info Exchange (NIX) ‘/UserWeb/Common/MarkupServices.ashx’ allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service...
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the...
Newforma Info Exchange (NIX) accepts serialized .NET data via the ‘/remoteweb/remote.rem’ endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with ‘NT AUTHORITY\NetworkService’ privileges. The vulnerable endpoint is used by Newforma Project Center...
Newforma Project Center Server (NPCS) accepts serialized .NET data via the ‘/ProjectCenter.rem’ endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with ‘NT AUTHORITY\NetworkService’ privileges. According to the recommended architecture, the...
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Manipulation of the argument fullname leads to SQL injection. The attack...
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Manipulation of the argument Search results in SQL injection. The attack is possible to be...
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in SQL injection. The attack may be...
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. Manipulation of the argument table causes SQL injection. Remote exploitation of the attack...
A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to...
A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Manipulation of the argument Shippername can lead to SQL injection....
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session...
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by...
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the “Shared Notes” feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the “Username” field and the output location...