
10 matches found

RedhatCVE
added 2025/05/23 9:37 a.m. · 11 views

CVE-2024-24013

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list...

9.8 CVSS · 9.7 AI score · 0.00086 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:29 a.m. · 4 views

CVE-2024-24021

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list...

9.8 CVSS · 9.6 AI score · 0.00086 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/20 12:0 a.m. · 2 views

PT-2024-20854 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.3.0-RC1
Description: The issue is related to an arbitrary file upload vulnerability in the component /sysFile/upload. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

9.8 CVSS · 7.8 AI score · 0.00243 EPSS
Exploits: 0 · References: 6

Vulnrichment
added 2024/02/08 12:0 a.m. · 18 views

CVE-2024-24017

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list...

7.8 AI score · 0.00064 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/02/08 12:0 a.m. · 8 views

Novel-Plus Code Issue Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file upload vulnerability in the component com.java2nb.system.controller.SysUserController: uploadImg...

9.8 CVSS · 7.3 AI score · 0.00098 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/07 12:0 a.m. · 1 views

PT-2024-20241 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior
Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...

9.8 CVSS · 7 AI score · 0.00103 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/07 12:0 a.m. · 2 views

PT-2024-20239 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior
Description: A SQL injection issue exists, allowing an attacker to pass specially crafted offset, limit, and sort parameters to perform SQL injection via the "/novel/userFeedback/list" API endpoint...

9.8 CVSS · 9.6 AI score · 0.00086 EPSS
Exploits: 0 · References: 7

Prion
added 2024/01/26 7:15 p.m. · 14 views

SQL injection

A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier...

5.2 CVSS · 7.4 AI score · 0.00052 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2024/01/26 6:31 p.m. · 63 views

CVE-2024-0941

Summary (CVE-2024-0941): A SQL injection vulnerability exists in Novel-Plus 4.3.0-RC1 caused by improper handling of the sort parameter in /novel/bookComment/list. The root cause is string/parameter manipulation that enables crafted input to alter SQL queries. Public disclosures of the exploit a...

9.8 CVSS · 9.7 AI score · 0.00052 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2024/01/18 3:15 a.m. · 18 views

SQL injection

A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to SQL injection. The exploit has been disclosed to the public and may be...

5.2 CVSS · 7.6 AI score · 0.00053 EPSS
Exploits: 1 · References: 3 · Affected Software: 1