11465 matches found

NVD
added 2025/11/10 3:15 p.m. | 5 views

CVE-2025-63709

A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...

CVSS 5.4 | EPSS 0.00206
Exploits: 1 | References: 2
OSV
added 2025/11/10 3:15 a.m. | 3 views

CVE-2025-12927

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...

CVSS 7.2 | AI score 5.7 | EPSS 0.00268
Exploits: 0 | References: 4
EUVD
added 2025/11/10 2:32 a.m. | 4 views

EUVD-2025-38731

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...

CVSS 5.8 | AI score 6.5 | EPSS 0.00268
Exploits: 0 | References: 5
Vulnrichment
added 2025/11/10 2:32 a.m. | 3 views

CVE-2025-12927 DedeBIZ archives_add.php sql injection

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...

CVSS 5.8 | AI score 6.7 | EPSS 0.00268
Exploits: 0 | References: 4
CVE
added 2025/11/10 2:32 a.m. | 18 views

CVE-2025-12927

CVE-2025-12927 affects DedeBIZ up to version 6.3.2. The vulnerability lies in the /admin/archives_add.php component where manipulation of the flags[] argument enables a remote SQL injection. The issue is caused by an unknown function handling flags[] and has publicly disclosed exploits. Multiple ...

CVSS 7.2 | AI score 6.7 | EPSS 0.00268
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/11/10 2:15 a.m. | 9 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS 9.8 | EPSS 0.00389
Exploits: 1 | References: 5
OSV
added 2025/11/10 2:15 a.m. | 6 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS 9.8 | AI score 5.5 | EPSS 0.00389
Exploits: 1 | References: 5
EUVD
added 2025/11/10 1:32 a.m. | 5 views

EUVD-2025-38727

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS 7.5 | AI score 6.3 | EPSS 0.00389
Exploits: 1 | References: 5
EUVD
added 2025/11/10 12:30 a.m. | 5 views

EUVD-2025-38722

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 4.8 | AI score 5.2 | EPSS 0.00286
Exploits: 1 | References: 8
Positive Technologies
added 2025/11/10 12:0 a.m. | 4 views

PT-2025-46147

Name of the Vulnerable Software and Affected Versions: SourceCodester Interview Management System version 1.0. Description: A security flaw exists in SourceCodester Interview Management System version 1.0. The issue involves a SQL injection impacting the file '/addCandidate.php'. Manipulation of the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00289
Exploits: 1 | References: 9
CNNVD
added 2025/11/10 12:0 a.m. | 7 views

forest security vulnerability

forest is a modern knowledge-community backend project open-sourced by RYMCU, implemented with SpringBoot + Shiro + MyBatis + JWT + Redis. There is a security vulnerability in forest, which originates from the lack of authorization for the functions getAll/addDic/getAllDic/deleteDic in the...

CVSS 9.8 | AI score 7.5 | EPSS 0.00389
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/10 12:0 a.m. | 11 views

PT-2025-45592

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives add.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may ...

CVSS 5.8 | AI score 7 | EPSS 0.00268
Exploits: 0 | References: 5
CNNVD
added 2025/11/10 12:0 a.m. | 4 views

DedeBIZ SQL injection vulnerability

DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from incorrect manipulation of the parameter flags in the file /admin/archivesadd.php, which could lead to a SQL injection...

CVSS 7.2 | AI score 5.6 | EPSS 0.00268
Exploits: 0 | References: 4
Cvelist
added 2025/11/10 12:0 a.m. | 7 views

CVE-2025-63709

A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...

EPSS 0.00206
Exploits: 1 | References: 2
Vulnrichment
added 2025/11/10 12:0 a.m. | 2 views

CVE-2025-63709

A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...

AI score 5.4 | EPSS 0.00206
Exploits: 1 | References: 2
CVE
added 2025/11/10 12:0 a.m. | 12 views

CVE-2025-63709

CVE-2025-63709 is a stored XSS in SourceCodester Simple To-Do List System 1.0, occurring in the Add Tasks input. An authenticated user can submit HTML/JS not properly sanitized, with the injected script stored and later rendered for other users, enabling arbitrary script execution in the victim’s...

CVSS 5.4 | AI score 5.4 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/11/10 12:0 a.m. | 4 views

PT-2025-46165

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple To-Do List System version 1.0. Description: A Cross-Site Scripting XSS issue exists in the "Add Tasks" text input. An authenticated user can submit HTML or JavaScript that is not properly sanitized or encoded before being...

AI score 6 | EPSS 0.00206
Exploits: 1 | References: 5
OSV
added 2025/11/09 11:15 p.m. | 3 views

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 4.8 | AI score 4.2
Exploits: 0 | References: 7
NVD
added 2025/11/09 11:15 p.m. | 7 views

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 4.8 | EPSS 0.00286
Exploits: 1 | References: 7
CVE
added 2025/11/09 11:2 p.m. | 12 views

CVE-2025-12920

FoxCMS up to 1.2.16 contains a cross-site scripting vulnerability in the add/edit path (app/admin/controller/Product.php, Title parameter). The issue can be triggered remotely and an exploit has been published; vendor did not respond. Affected versions should be updated to mitigate; as a workarou...

CVSS 4.8 | AI score 3.3 | EPSS 0.00286
Exploits: 1 | References: 7 | Affected Software: 1