A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. Assigner : cve@mitre.org More information :...
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. Assigner : cve@mitre.org More information : https://github.com/mathurvishal/CloudClassroom-PHP-Project
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg`...
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted...
MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads...
An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into...
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. Assigner : cve@mitre.org More information : https://github.com/hcxj/Tenda-Vul/blob/main/setSmartPowerManagement.md
A server-side request forgery vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
An authentication bypass vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. Assigner : security-alert@hpe.com More information : https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US