Lucene search
K

42 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6145

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

5.3CVSS5.5AI score0.00445EPSS
Exploits1References1
Circl
Circl
added 2026/05/14 7:0 p.m.11 views

CVE-2026-6145

creationtimestamp| type| source ---|---|--- 2026-05-14 19:00:10+00:00| published-proof-of-concept| Telegram/XDvWvSLpOLgWYjCnx5nXaVDhxhCY5P5ucZ2jMelcgSmye8Y 2026-05-14 21:00:04+00:00| seen| Telegram/pxejltfM6t0bOCIPs7C1JhjfACvEO7Gy-x7DlZhJbRtGeV0...

5.3CVSS5.8AI score0.00445EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-6145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML pag...

6.1CVSS7.5AI score0.00593EPSS
Exploits0References2
Circl
Circl
added 2025/06/16 11:33 p.m.18 views

CVE-2025-6145

creationtimestamp| type| source ---|---|--- 2025-06-16 23:33:10+00:00| published-proof-of-concept| Telegram/gKGto3J9ZB8GJQGsyZa-VAheuPEP8fY1LtXcBqVk55gIY 2025-06-16 23:40:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18554 2025-06-17 01:13:41+00:00| seen|...

9CVSS8.1AI score0.00779EPSS
Exploits1References2
CVE
CVE
added 2025/06/16 11:0 p.m.36 views

CVE-2025-6145

CVE-2025-6145 affects TOTOLINK EX1200T (firmware 4.1.2cu.5232_B20210713). The flaw lies in the HTTP POST Request Handler, specifically the /boafrm/formSysLog endpoint, where the submit-url parameter can be manipulated to trigger a buffer overflow. This can allow remote exploitation and arbitrary ...

9CVSS8.9AI score0.00779EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/06/16 11:0 p.m.21 views

CVE-2025-6145 TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The...

9CVSS0.00779EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.17 views

RHEL 9 : postgresql (RHSA-2024:6145)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6145 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

8.8CVSS7.7AI score0.01565EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/18 11:39 p.m.22 views

CVE-2024-6145 Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...

8.8CVSS0.01205EPSS
Exploits0References1
Circl
Circl
added 2023/12/21 3:21 p.m.10 views

CVE-2023-6145

creationtimestamp| type| source ---|---|--- 2023-12-21 15:21:46+00:00| seen| https://t.me/ctinow/157749...

9.8CVSS8.7AI score0.00518EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/21 2:15 p.m.5 views

CVE-2023-6145

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 121220...

9.8CVSS5.9AI score0.00518EPSS
Exploits0References3
NVD
NVD
added 2023/12/21 2:15 p.m.17 views

CVE-2023-6145

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 121220...

9.8CVSS0.00518EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/21 1:58 p.m.21 views

CVE-2023-6145 SQLi in Softomi E-commerce Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 121220...

9.8CVSS10AI score0.00518EPSS
Exploits0References2
CVE
CVE
added 2023/12/21 1:58 p.m.40 views

CVE-2023-6145

CVE-2023-6145 affects Softomi Advanced C2C Marketplace Software (Istanbul Soft Informatics and Consultancy) prior to version 12122023. Root cause is improper neutralization of special elements in SQL commands, enabling SQL injection (high impact: confidentiality, integrity, and availability all a...

9.8CVSS7.4AI score0.00518EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/08 12:0 a.m.26 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Sysstat vulnerabilities (USN-6145-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6145-1 advisory. It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use...

7.8CVSS7.7AI score0.01096EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/06/08 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-6145-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01096EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.33 views

Mageia: Security Advisory (MGASA-2018-0268)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.6AI score0.58822EPSS
Exploits14References15
Talos
Talos
added 2020/08/18 12:0 a.m.141 views

ERPNext frappe.desk.reportview.get SQL injection vulnerability

Talos Vulnerability Report TALOS-2020-1091 ERPNext frappe.desk.reportview.get SQL injection vulnerability August 18, 2020 CVE Number CVE-2020-6145 SUMMARY An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can...

8.8CVSS7.9AI score0.01803EPSS
Exploits1
NVD
NVD
added 2020/08/10 2:15 p.m.14 views

CVE-2020-6145

An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.4AI score0.01803EPSS
Exploits1References1
CVE
CVE
added 2020/08/10 1:10 p.m.50 views

CVE-2020-6145

CVE-2020-6145 affects ERPNext 11.1.38 via the function frappe.desk.reportview.get . The vulnerability is an SQL injection caused by unsafely handling inputs in the request (e.g., POST data) that flows into database queries, potentially enabling an attacker with authenticated access to manipulate ...

8.8CVSS8.9AI score0.01803EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/20 7:56 p.m.334 views

CVE-2019-6145

CVE-2019-6145 affects Forcepoint VPN Client for Windows versions before 6.6.1. The flaw is an unquoted search path that can be exploited locally to escalate privileges to NT AUTHORITY\SYSTEM. It relies on an attacker having local access with write permissions to two locations: C:\Program.exe and ...

7.2CVSS6.7AI score0.00665EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder