7.1
CVE-2019-25347 - thesystem App 1.0 - 'username' SQL Injection
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.
7.1
CVE-2019-25346 - thesystem 1.0 - 'server_name' SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.
8.5
CVE-2019-25345 - RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
8.5
CVE-2019-25344 - MobileGo 8.5.0 - Insecure File Permissions
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators gβ¦
8.5
CVE-2019-25343 - NextVPN 4.10 - Insecure File Permissions
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.
4.9
CVE-2026-22821 - mreporting affected by a SQLI on date change
mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.
9.3
CVE-2026-26219 - newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapiβ¦
9.3
CVE-2026-26218 - newbee-mall Default Seeded Administrator Credentials Allow Account Takeover
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials mayβ¦
5.3
CVE-2026-21438 - webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resoβ¦
5.3
CVE-2026-21435 - webtransport-go CloseWithError can block indefinitely
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blockiβ¦