Lucene search
K

90 matches found

RedhatCVE
RedhatCVE
added 2025/08/11 12:33 p.m.12 views

CVE-2025-8752

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

9.8CVSS7.9AI score0.04804EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/09 12:2 p.m.14 views

CVE-2025-8752 wangzhixuan spring-shiro-training add command injection

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

7.5CVSS0.04804EPSS
Exploits1References4
OSV
OSV
added 2025/04/04 4:15 p.m.7 views

CVE-2025-3254

A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has bee...

9.8CVSS6.3AI score0.00494EPSS
Exploits1References4
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS through the /api/v1/models/add endpoint. An attacker can execute arbitrary scripts that affect other users, including administrators, by injecting malicious scripts into the model...

8.4CVSS7.4AI score0.00897EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.6 views

PT-2025-3896 · Opencart · Blog Botz For Journal Theme

Name of the Vulnerable Software and Affected Versions: Blog Botz for Journal Theme version 1.0 on OpenCart Description: A critical vulnerability was found in Blog Botz for Journal Theme on OpenCart, affecting an unknown part of the file /index.php?route=extension/module/blog add. The manipulation...

7.5CVSS7.4AI score0.00444EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.9 views

DataX-Web 安全漏洞

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. A security vulnerability exists in DataX-Web version 2.1.1, which stems from an operating system command injection vulnerability in the glueSource parameter of the /api/job/add/ file...

8.8CVSS6.8AI score0.04942EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.7 views

PT-2024-39616

Name of the Vulnerable Software and Affected Versions OFCMS version 1.1.2 Description A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...

5.3CVSS3.3AI score0.00346EPSS
Exploits0References8
OSV
OSV
added 2024/09/07 7:15 p.m.4 views

CVE-2024-8562

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. The attack may be launched...

6.1CVSS3.8AI score0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/07 12:0 a.m.4 views

PHP CRUD 跨站脚本漏洞

PHP CRUD is a PHP-based implementation of add, delete, change and retrieve. A cross-site scripting vulnerability exists in PHP CRUD version 1.0, which stems from a cross-site scripting vulnerability contained in the firstname/middlename/lastname parameters of the /endpoint/Add.php file...

6.1CVSS4.5AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.4 views

PT-2024-39099 · Unknown · Sourcecodester Php Crud

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0 Description: A security issue was discovered in the file /endpoint/Add.php, where the manipulation of the arguments first name, middle name, and last name leads to cross-site scripting. The attack can be...

6.1CVSS4.3AI score0.00291EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.5 views

PT-2024-30075 · Frog Cms · Frog Cms

Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/layout/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, as a temporary...

8.8CVSS7AI score0.00212EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.10 views

PT-2024-30083 · Frog Cms · Frog Cms

Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was found in FrogCMS. The vulnerability can be exploited via the "/admin/?/page/add" API endpoint. Recommendations: For FrogCMS version 0.9.5, consider disabling acces...

8.8CVSS6.8AI score0.0031EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-29006 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/interfaces/add/". Recommendations: For netbox versio...

7.1CVSS6AI score0.004EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-29021 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at the "/circuits/circuits/add" API endpoint...

6.1CVSS5.5AI score0.00451EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.4 views

PT-2024-29015 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at the "/dcim/console-ports/add" API endpoint. Recommendations...

6.1CVSS5.9AI score0.00353EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.3 views

PT-2024-37374 · Bethesda · Bethesda Online Reservation System

Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical issue has been found in the Bethesda Online Reservation System, affecting the uploadImage function of the file /admin/mod room/controller.php?action=add. The manipulation ...

9.8CVSS7.3AI score0.00874EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.8 views

PT-2024-23102 · Unknown · Sentrifugo

Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: A Cross-Site Scripting XSS issue exists in Sentrifugo, specifically through the /sentrifugo/index.php/sitepreference/add endpoint, where the description parameter is vulnerable. This could allow a remote us...

7.1CVSS6AI score0.00489EPSS
Exploits0References6
Veracode
Veracode
added 2024/03/18 6:0 p.m.18 views

Uncontrolled Resource Consumption

Mattermost is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to Mattermost's failure to handle a null request body in the /add endpoint, which allows a simple member to send a request with a null request body to that endpoint, causing it to crash. After a few repetition...

6.5CVSS6.7AI score0.00642EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.3 views

PT-2024-20260 · Unknown · Springboot-Manager

Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sysContent/add" API endpoint. This allows for potential malicious script injection. No information is provided about the estimated number o...

5.4CVSS5.5AI score0.00394EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.7 views

PT-2023-32921 · Unknown · Campcodes Online College Library System

Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/borrow add.php of the component HTTP POST Request Handler. The manipulation of the student argument leads ...

9.8CVSS5.9AI score0.00636EPSS
Exploits1References9
Rows per page
Query Builder