64 matches found
EUVD-2021-34833
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plain text during the execution of a playbook. This occurs when tasks such as include_vars are used to load vaulted variables without setting the no_log: true parameter. As a result,...
CVE-2025-50666
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...
EUVD-2025-209345
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...
CVE-2025-50671
Summary: CVE-2025-50671 affects the D-Link DI-8003 firmware version 16.07.26A1 via a buffer overflow in the /xwgl_ref.asp endpoint. The issue arises from improper handling of request parameters, where crafted HTTP GETs with excessively long strings in name, en, user_id, shibie_name, time, act, l...
CVE-2026-5148
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the...
PT-2026-24999
🚨 CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind...
Azure Linux 3.0 Security Update: ansible (CVE-2024-8775)
The version of ansible installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8775 advisory. - A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in...
CVE-2025-14301 Integration Opvius AI for WooCommerce <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal
The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the processtablebulkactions function processing user-supplied file paths without authentication checks, nonce verification, or path validation...
PT-2026-2809
Name of the Vulnerable Software and Affected Versions: Integration Opvius AI for WooCommerce plugin for WordPress versions up to and including 1.3.0. Description: The Integration Opvius AI for WooCommerce plugin for WordPress is susceptible to a Path Traversal issue. This is caused by the process...
WordPress plugin Integration Opvius AI for WooCommerce path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path traversal...
CVE-2025-11177
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11177
CVE-2025-11177 is a WordPress External Login plugin vulnerability: an unauthenticated SQL injection via the log parameter in all versions up to 1.11.2, caused by insufficient escaping and inadequate query preparation. The issue allows unauthenticated attackers to append SQL statements to existing...
EUVD-2025-34559
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-62358
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...
CVE-2025-62358 WeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via log parameter
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...