5.1
CVE-2025-8508 - Portabilis i-Educar educar_avaliacao_desempenho_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting.…
7.5
CVE-2024-51775 - Apache Zeppelin: Command Injection via CSWSH
Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended…
6.1
CVE-2024-41177 - Apache Zeppelin: XSS in the Helium module
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
5.1
CVE-2025-8507 - Portabilis i-Educar educar_funcao_lst.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. It is possible to launch the attack remotel…
7.5
CVE-2024-52279 - Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
5.1
CVE-2025-8506 - 495300897 wx-shop editUI cross site scripting
A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has bee…
5.3
CVE-2025-8505 - 495300897 wx-shop cross-site request forgery
A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to th…
5.3
CVE-2025-8504 - code-projects Kitchen Treasure userregistration.php unrestricted upload
A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has be…
6.9
CVE-2025-8503 - code-projects Online Medicine Guide adaddmed.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. The attack may be launched remotely. The explo…
6.9
CVE-2025-8502 - code-projects Online Medicine Guide changepass.php sql injection
A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. The attack can be launched remotely. The exploit has been…