Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST co…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This is…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versi…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This i…
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php.
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and con…
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and p…
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variabl…
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and con…
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabi…
A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).