A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

The Mongoose software prior to version 8.8.3 contains a vulnerability that allows for improper handling of the $where clause in queries. This can lead to search injection attacks, enabling an attacker to manipulate query results and potentially retrieve unwanted or sensitive information. Users of...

A significant vulnerability exists within the Projectworlds Online Doctor Appointment Booking System 1.0, specifically affecting the processing of the '/patient/profile.php?patientId=1' file. This issue arises from the manipulation of the 'patientFirstName' parameter, which can lead to SQL inject...

A vulnerability exists in the Projectworlds Online Doctor Appointment Booking System 1.0, specifically in the /patient/patientupdateprofile.php file. The issue arises from improper handling of the patientFirstName parameter, allowing attackers to execute SQL injection attacks remotely. This flaw ...

A significant SQL injection vulnerability has been identified in the Projectworlds Online Doctor Appointment Booking System 1.0, specifically affecting the /patient/getschedule.php file. This vulnerability allows attackers to manipulate the 'q' argument, enabling unauthorized access to the databa...

A vulnerability has been identified in the Projectworlds Online Doctor Appointment Booking System version 1.0, specifically within the file /patient/appointment.php. The issue arises from improper handling of the scheduleDate parameter, allowing attackers to manipulate SQL queries through a craft...

A vulnerability has been identified in the Projectworlds Online Doctor Appointment Booking System 1.0, specifically within the /doctor/deleteschedule.php file. This vulnerability allows attackers to perform SQL injection by manipulating the argument ID, potentially leading to unauthorized data ac...

A vulnerability exists in the Projectworlds Online Doctor Appointment Booking System due to improper handling of input in the /doctor/deletepatient.php file. An attacker can exploit this flaw by manipulating the 'ic' parameter, leading to unauthorized SQL queries being executed on the database ba...

A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...

A SQL injection vulnerability has been discovered in the Online Doctor Appointment Booking System 1.0 by Projectworlds. This flaw exists due to inadequate validation of the 'ID' parameter within the /doctor/deleteappointment.php file, allowing remote attackers to manipulate database queries. If e...

A vulnerability has been identified in FastCMS version 0.1.5 concerning its JWT Handler, which erroneously implements a hard-coded cryptographic key. This flaw can compromise the integrity of authentication processes, potentially enabling attackers to perform unauthorized actions. As the vulnerab...

A vulnerability in Project Worlds Online Lawyer Management System version 1.0 exposes critical risks due to improper handling of user-input parameters in the /single_lawyer.php file. This flaw allows attackers to manipulate the 'u_id' argument, leading to potential SQL injection attacks. As a res...

A security flaw has been identified in the Project Worlds Online Lawyer Management System 1.0 that allows for SQL injection through the manipulation of the 'first_Name' argument in the /save_user_edit_profile.php file. This vulnerability can be exploited remotely, enabling an attacker to access a...

A security vulnerability exists in the Project Worlds Online Lawyer Management System version 1.0 that allows for SQL injection through manipulation of the 'experience' argument in the /searchLawyer.php file. This flaw can be exploited remotely by attackers, potentially leading to unauthorized ac...

A vulnerability was identified in Project Worlds Online Lawyer Management System version 1.0, specifically in the /save_booking.php file. This issue allows for remote SQL injection through manipulation of the lawyer_id parameter. Attackers can exploit this vulnerability to execute arbitrary SQL c...

A vulnerability has been identified in the Project Worlds Online Lawyer Management System, specifically within the /lawyer_booking.php file. This issue arises from improper handling of the unblock_id argument, which could allow an attacker to execute SQL injection attacks. The potential exploit c...

A SQL injection vulnerability exists in the Project Worlds Online Lawyer Management System 1.0. The vulnerability is due to improper validation of the 'unblock_id' argument in the file /approve_lawyer.php. Attackers can exploit this vulnerability remotely to manipulate queries and gain unauthoriz...

A SQL injection vulnerability has been identified in the Project Worlds Online Lawyer Management System version 1.0, specifically within the /admin_user.php file. This flaw allows an attacker to manipulate the arguments block_id and unblock_id, which can lead to unauthorized access and potential ...

A vulnerability exists in Projeqtor versions up to 12.0.2 due to improper handling of the argument 'attachmentFiles' in the saveAttachment.php file, allowing unauthorized users to upload files without restriction. While the attack can be initiated remotely, the complexity of exploitation is relat...

A SQL injection vulnerability exists in the PHPGurukul Time Table Generator System 1.0, specifically within the /admin/edit-class.php file. This vulnerability allows an attacker to manipulate the argument 'editid', potentially enabling unauthorized access to the database and extraction of sensiti...

A denial of service vulnerability has been detected in the Tenda AC23 Router, specifically affecting the API Interface component located at /goform/VerAPIMant. The flaw arises from improper processing of the getuid argument, allowing an attacker to trigger a denial of service condition. This issu...

A stack-based buffer overflow vulnerability was identified in the search_item function of the Product Management System. Manipulation of the target argument can result in a buffer overflow, potentially allowing unauthorized access. The vulnerability requires local access for exploitation and has ...

The vulnerability in Spring Security versions 6.4.0 through 6.4.3 may allow unauthorized access due to improper handling of method security annotations on parameterized types or methods. If @EnableMethodSecurity is active and method security annotations are misconfigured, attackers may exploit th...

A security vulnerability exists within Tencent Music Entertainment's SuperSonic application, specifically in the H2 Database Connection Handler. This flaw is associated with the '/api/semantic/database/testConnect' component, enabling remote attackers to execute arbitrary code by sending crafted ...

A vulnerability exists within InternLM LMDeploy versions up to 0.7.1, specifically in the Open function of lmdeploy/docs/en/conf.py. This flaw allows for code injection, enabling attackers to manipulate the affected system by launching local attacks. The vulnerability has been publicly disclosed ...

A vulnerability exists in the InternLM LMDeploy application affecting versions up to 0.7.1, specifically in the load_weight_ckpt function within the PT File Handler. This flaw can potentially allow for malicious deserialization, making it possible to manipulate how data is processed within the ap...

A stack-based buffer overflow vulnerability exists in the Tenda AC10 router, specifically in the ShutdownSetAdd function found in the /goform/ShutdownSetAdd file. By manipulating the argument list, attackers are able to exploit this weakness remotely, potentially leading to unauthorized access an...

A vulnerability has been identified in the Open Asset Import Library (Assimp) version 5.4.3, specifically within the Assimp::SceneCombiner::AddNodeHashes function located in the SceneCombiner.cpp file of the File Handler component. This issue allows for out-of-bounds read operations, potentially ...

A heap-based buffer overflow has been identified in the Open Asset Import Library Assimp version 5.4.3. This vulnerability stems from the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices, located in the ASEParser.cpp file. It exposes the software to potential attacks when exploited locally...

A vulnerability has been identified in the Open Asset Import Library Assimp, specifically within the LWO File Handler component. The flaw resides in the Assimp::LWO::AnimResolver::UpdateAnimRangeSetup function, where improper handling of input can lead to a heap-based buffer overflow. This vulner...

The Beam me up Scotty - Back to Top Button, developed by Out the Box, contains a vulnerability that allows for Stored Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web page generation, potentially enabling attackers to inject malicious scripts into web pag...

An SQL Injection vulnerability exists in the Tribulant Software Newsletters plugin. This flaw allows attackers to manipulate SQL queries by improperly neutralizing special elements within the input fields. As a result, unauthorized access to sensitive data or database manipulation could occur. Th...

A cross site scripting vulnerability exists in the Search component of caipeichao ThinkOX 1.0. The issue is triggered by manipulation of the 'keywords' parameter in the /ThinkOX-master/index.php?s=/Weibo/Index/search.html file. This enables attackers to execute malicious scripts remotely, posing ...

A security flaw has been identified in the SourceCodester Gym Management System version 1.0, particularly within the functionality of the /signup.php file. This vulnerability allows attackers to manipulate the user_name parameter, enabling the execution of SQL injection attacks. Such exploitation...

A vulnerability in the itning Student Homework Management System allows attackers to exploit an unknown functionality through cross-site request forgery (CSRF). This manipulation can be executed remotely and affects multiple endpoints, potentially exposing sensitive user data and compromising sys...

A cross site scripting vulnerability has been identified in the Itning Student Homework Management System, specifically affecting versions up to 1.2.7. This vulnerability arises from the mishandling of the Course argument in the Edit Job Page component located in the /shw_war/fileupload file. Att...

A buffer overflow vulnerability exists in the Codeprojects Product Management System 1.0, specifically related to the Login component. This flaw allows an attacker to manipulate the Str1 argument, potentially leading to unauthorized memory access. It is crucial to note that exploiting this vulner...

A security flaw has been identified in the PHPGurukul Boat Booking System version 1.0, specifically within the /add-subadmin.php file. This vulnerability allows an attacker to manipulate the 'sadminusername' argument, leading to a SQL injection attack. The threat can be exploited remotely, thereb...

The PHPGurukul Bus Pass Management System 1.0 contains a vulnerability in the file /view-pass-detail.php. The flaw arises from improper handling of the 'viewid' parameter, allowing an attacker to manipulate SQL queries executed by the application. This vulnerability enables remote attackers to co...

A memory corruption vulnerability exists in MindSpore 2.5.0, specifically in the function mindspore.numpy.fft.rfft2. This issue requires local exploitation and can potentially allow an attacker to manipulate memory, leading to unauthorized access or disruption of service. The vulnerability has be...

A SQL injection vulnerability exists in the SourceCodester Apartment Visitor Management System version 1.0, specifically in the /visitor-entry.php file. The manipulation of the 'visname' and 'address' parameters can allow an attacker to execute arbitrary SQL queries against the database remotely....

The MapPress Maps for WordPress plugin version prior to 2.94.9 contains a security flaw that fails to properly sanitize and escape certain parameters when displaying them on web pages. This oversight allows users with minimal permissions, such as those with a contributor role, to execute Cross-Si...

An SQL injection vulnerability exists in the SourceCodester Apartment Visitor Management System, specifically within the /add-apartment.php file. This flaw allows attackers to manipulate the 'buildingno' parameter, potentially leading to unauthorized access to the database. The vulnerability can ...

A vulnerability has been identified in the SourceCodester Online Medicine Ordering System, specifically in the manage_category.php file. This issue arises from improper handling of user-supplied input, allowing an attacker to manipulate the ID argument and execute SQL queries. The attack can be i...

An SQL injection vulnerability has been identified in the SourceCodester Online Medicine Ordering System version 1.0. The issue arises due to improper handling of the ID argument in the /view_category.php file, allowing attackers to manipulate SQL queries remotely. This exploitation could lead to...

A buffer overflow vulnerability has been identified in the Login function of the Code-Projects Bus Reservation System 1.0. This flaw allows an attacker to manipulate the Str1 argument, potentially leading to unauthorized access and the execution of arbitrary code. Given that the exploit has been ...

A vulnerability has been identified in PHPGurukul's Online Security Guards Hiring System, specifically within the /admin/edit-guard-detail.php file. This issue arises from improper handling of user input, allowing for SQL injection through manipulation of the editid argument. An attacker could ex...

A remote SQL injection vulnerability exists in the PHPGurukul Online Security Guards Hiring System version 1.0. This security weakness arises from improper handling of the 'editid' parameter in the /admin/changeimage.php file, allowing attackers to manipulate SQL queries and gain unauthorized acc...

A local memory corruption vulnerability has been discovered in PyTorch 2.6.0, specifically within the function torch.cuda.memory.caching_allocator_delete found in the CUDACachingAllocator.cpp file. This issue allows an attacker with local access to manipulate memory allocation, resulting in unint...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...