304470 matches found
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.
The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...
CVE-2026-59519
CVE-2026-59519 affects the WordPress FormLayer plugin up to version 1.0.6. The issue is described as an insertion of sensitive information into sent data, allowing retrieval of embedded sensitive data. Affected component: FormLayer; root cause and exact exploit vector are not elaborated beyond th...
CVE-2026-59511
The CVE concerns the WordPress plugin “Exclusive Addons for Elementor” (extends Elementor). A vulnerability described as “Insertion of Sensitive Information Into Sent Data” allows retrieval of embedded sensitive data via the affected feature; it affects Exclusive Addons Elementor versions up to 2...
CVE-2026-12250
The CVE-2026-12250 entry concerns Pardus Domain Joiner (TUBITAK BILGEM Software Technologies Research Institute). A vulnerability described as an Invocation of process using visible sensitive information could allow Excavation (data exposure). Affected version range: Pardus Domain Joiner 0.5.2 pr...
CVE-2026-14751
The vulnerability CVE-2026-14751 targets mjperpinosa stumasy via SQL injection in Notes_controller::search_scratch_data (file application/PHP/objects/notes/search_scratch_data.php). The exploit arises from manipulating the argument field_name, enabling remote execution of SQL. Public exploit is s...
EUVD-2026-41757
A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...
CVE-2026-59509 Unauthenticated arbitrary MongoDB collection read in cve-search
An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...
CVE-2026-59509
CVE-2026-59509 affects cve-search: unauthenticated improper input validation in POST /fetch_cve_data lets an attacker manipulate MongoDB query parameters (collection, projected fields, regex filters) to read arbitrary application MongoDB collections, including mgmt_users (administrative usernames...
EUVD-2026-41753
An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...
OpenCATS 0.9.6 - Cross-Site Scripting
OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launc...
Hoteldruid 3.0.5 - Cross-Site Scripting
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. id: CVE-2023-34537 info: name: Hoteldruid 3.0.5 - Cross-Site Scripting author: Harsh severity: medium...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35986 info: name: Rukovoditel = 2.7.2 - Cross Sit...
Jinher OA - SQL Injection
jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 notify or 2 blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...
UpdraftPlus < 1.22.9 - Cross-Site Scripting
The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...
Garage Management System 1.0 - SQL Injection
Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input [email protected]' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execut...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...