CVE Vulnerability Database

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) …

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql …

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can …

A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype …

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code leads to sql …

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead …

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql …

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. …

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results …

A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the …