CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability was found in SourceCodester Online School Fees System 1.0 that allows cross site scripting attacks through manipulation of the 'branch' parameter in the /paysystem/branch.php file. The attack can be initiated remotely.
A vulnerability has been identified in JT2Go and Teamcenter Visualization applications that are in versions earlier than specified. The issue involves an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file, which could lead to the disclosure of sensitive information.
A vulnerability has been identified in JT2Go and Teamcenter Visualization applications, which contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0, rated as problematic. Manipulation of the arguments firstname/middlename/lastname/username in the file /classes/Users.php?f=save leads to cross-site scripting attacks.
A vulnerability was found in SourceCodester Performance Indicator System 1.0 that allows cross site scripting (XSS) attacks through manipulation of the prodname argument in the /admin/addproduct.php file.
A vulnerability was found in SourceCodester Life Insurance Management System 1.0 that allows cross site scripting attacks through manipulation of the nominee_id parameter in the insertNominee.php file. The attack can be launched remotely.
A vulnerability was found in y_project RuoYi up to version 4.7.7, classified as problematic. It affects the function filterKeyword, where manipulation of the argument value leads to resource consumption.
IBM TXSeries for Multiplatforms versions 8.1, 8.2, 9.1, and CICS TX Standard and Advanced versions 10.1 and 11.1 do not set the secure attribute on authorization tokens and session cookies. This may allow attackers to capture cookie values by sending an HTTP link to a user.
IBM TXSeries for Multiplatforms versions 8.1, 8.2, 9.1, and CICS TX Standard and Advanced versions 10.1 and 11.1 may transmit sensitive information in query parameters that could be intercepted using man-in-the-middle techniques.
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'title' argument in the admin/posts/manage_post.php file. The attack can be launched remotely.
A vulnerability has been found in SourceCodester Online Discussion Forum Site version 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'content' argument in the file admin\posts\manage_post.php.
A vulnerability in the CLI tool notation allows an attacker who has compromised a registry to add a high number of signatures to an artifact, potentially leading to denial of service on the machine when a user runs the 'notation inspect' command.
A vulnerability has been found in Dahua Smart Parking Management up to version 20230528, leading to server-side request forgery through manipulation of the fileUrl argument. Exploitation of this vulnerability may allow unauthorized access to server resources.
A vulnerability has been found in X-WRT luci up to version 22.10_b202303061504, affecting the run_action function in the modules/luci-base/ucode/dispatcher.uc file. Manipulation of the request_path argument leads to cross site scripting.
Xpdf has a vulnerability related to excessively large PDF page sizes, which can lead to a divide-by-zero error in the text extraction code. This issue was discovered during fuzz testing and is unlikely to occur in normal PDF files.
A vulnerability has been found in the Agro-School Management System 1.0 affecting the doAddQuestion function in the btn_functions.php file. Manipulation of the Question argument leads to cross-site scripting (XSS) attacks.
A vulnerability was found in 07FLY CRM up to version 1.2.0, leading to cross site scripting (XSS) attacks through manipulation of the User Profile Handler component code. The attack can be initiated remotely.
In JetBrains Ktor versions before 2.3.1, headers containing authentication data could be added to the exception's message.
A vulnerability has been found in Guangdong Pythagorean OA Office System up to version 4.50.31, affecting an unknown functionality of the Schedule Handler component. Manipulation of the argument 'description' leads to cross site scripting.
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 that allows basic cross site scripting attacks through manipulation of the First Name/Middle Name/Last Name arguments on the Manage User Page.

