| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc. |
| A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. |
| A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. |
| A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. |
| A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. |
| A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. |
| A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used. |
| IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1
could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security. |
| IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security. |
| Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege. |
| Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. |
| IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. |
| Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2.
This issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae. |
| The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks. |
| Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue. |
| A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents. |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
