Lucene search
+L

448 matches found

CVE
CVE
added 2022/08/01 12:47 p.m.61 views

CVE-2022-1561

The CVE-2022-1561 issue concerns Lura and KrakenD-CE before 2.0.2 and KrakenD-EE before 2.0.0 where URL parameters aren’t sanitized, enabling a crafted URL to alter the backend URL defined for a pipe. The vulnerability does not affect KrakenD itself, but the consumed backend may be vulnerable. Re...

4.3CVSS4.5AI score0.00504EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.6 views

ZZCMS SQL注入漏洞

zzcms Webmaster Merchants Content Management System, developed by the zzcms team, incorporates database optimization, content caching, AJAX and other technologies to make the site's security, stability, and load capacity is reliably guaranteed. The source code is open and the functional modules a...

8.8CVSS6AI score0.00908EPSS
Exploits1References2
OSV
OSV
added 2022/05/17 4:13 a.m.8 views

GHSA-23X9-8HXR-978C OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

7.1CVSS6.2AI score0.01367EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.7 views

Verydows 路径遍历漏洞

Verydows is a lightweight open source e-commerce management system developed using the PHP language . Verydows v2.0 has a security vulnerability , an attacker can ackenddatabasecontroller.php for arbitrary file deletion...

8.1CVSS7.9AI score0.01205EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/02/24 12:0 a.m.16 views

PT-2022-13397 · 1Byte · Copy9 +8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an Insecure Direct Object...

7.5CVSS7.3AI score0.02508EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/01/25 4:15 p.m.7 views

CVE-2021-46087

In jfinalcms = 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code...

5.4CVSS5.9AI score0.00503EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/12/14 2:15 p.m.2 views

CVE-2021-45014

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26...

9.8CVSS7.3AI score0.0108EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.8 views

WTCMS 跨站脚本漏洞

WTCMS is a content management system CMS based on ThinkPHP.A cross-site scripting vulnerability exists in the link fields under the menu management module of the WTCMS backend. No detailed vulnerability details are provided at this time...

5.4CVSS5.1AI score0.00531EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.7 views

WTCMS 跨站脚本漏洞

WTCMS is a content management system CMS based on ThinkPHP. a cross-site scripting vulnerability exists in the link address field under the link module of the WTCMS backend. No details of the vulnerability are currently available...

5.4CVSS5.2AI score0.00531EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.4 views

Github developer-be 代码问题漏洞

Edgegallery developer-be is a developer platform that provides development tools/testing environment/online deployment for App developers, divided into two parts: developer-be is the backend part, providing interface calls, and developer-fe is the frontend part, providing interface display...

10CVSS5.8AI score0.01962EPSS
Exploits1References1
Veracode
Veracode
added 2021/08/26 6:12 a.m.32 views

Authorization Bypass

modsecurity-crs is vulnerable to authorization bypass. An attacker is able to exploit a vulnerability in the backend that results in a CRS request body bypass that abuses trailing pathname information...

9.8CVSS4.2AI score0.02542EPSS
Exploits1References11Affected Software1
CNVD
CNVD
added 2021/05/08 12:0 a.m.3 views

Command Execution Vulnerability in CmsEasy Backend

CmsEasy is a web content management system based on PHP Mysql architecture and a PHP development platform. A command execution vulnerability exists in the CmsEasy backend. An attacker can exploit the vulnerability to gain server privileges...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/03/31 12:0 a.m.4 views

Command Execution Vulnerability in Weiphp Backend

WeiPHP is an open source WeChat public platform development framework to build a personal WeChat public account operation platform. A command execution vulnerability exists in the Weiphp backend. Attackers can use the vulnerability to obtain server privileges...

7.1AI score
Exploits0
CNVD
CNVD
added 2021/03/24 12:0 a.m.4 views

SQL Injection Vulnerability in Ke361 Backend Ca***.cl***.php

Ke361 is an open source Taobao system, based on the latest ThinkPHP3.2 version of the development, to provide a more convenient and secure WEB application development experience, the Taobao system adopts a new architectural design and namespace mechanism, the integration of modular, driven and...

7.7AI score
Exploits0
CNVD
CNVD
added 2021/03/19 12:0 a.m.3 views

OurPHP backend has an arbitrary file read vulnerability

OurPHP is an enterprise e-commerce marketing website building system. OurPHP backend has an arbitrary file reading vulnerability, which can be exploited by an attacker to read any system file...

7AI score
Exploits0
Mageia
Mageia
added 2021/03/04 12:26 p.m.87 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.19 and fixes at least the following security issues: An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An...

7.8CVSS1.1AI score0.00544EPSS
Exploits1References9
CNVD
CNVD
added 2021/02/01 12:0 a.m.1 views

SQL injection vulnerability in SeaCMS backend (CNVD-2021-14497)

SeaCMS Ocean CMS is a web content management system based on PHP+MYSQL architecture and supports cross-platform operation. A SQL injection vulnerability exists in the backend of SeaCMS. An attacker can exploit this vulnerability to obtain sensitive information from the database...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/01/27 12:0 a.m.4 views

Command Execution Vulnerability in songcms Backend

SongCMS is a PHP MySQL, ASP Access/SQL Server based development, enterprise-oriented, multi-language support, free, open source CMS to help business users to quickly build and deploy enterprise-level portals. A command execution vulnerability exists in the backend of songcms. An attacker can...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/01/25 12:0 a.m.6 views

Command execution vulnerability in the backend of the Guojiz international web site navigation system (CNVD-2021-12802)

Guojiz International Website Navigation System is developed with ThinkPHP5.0 PHP7.0 Mysql Apache/Nginx/iis, a CMS program suitable for small and medium-sized webmasters to build websites. Guojiz international web site navigation system back-end command execution vulnerability, an attacker can use...

7.2AI score
Exploits0
GithubExploit
GithubExploit
added 2021/01/21 1:11 p.m.137 views

Exploit for Improper Authentication in Projectsend

This repository contains the description of the vulnerability fo...

7.5CVSS7.7AI score0.02351EPSS
Exploits2
Rows per page
Query Builder