nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, Novemb…

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.