Lucene search
+L

448 matches found

EUVD
EUVD
added 2026/04/08 6:23 p.m.5 views

EUVD-2026-20572

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

6.3CVSS5.9AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28388

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast router.py, in function stream audio. The...

7.5CVSS6AI score0.00558EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 8:16 p.m.4 views

UBUNTU-CVE-2025-70128

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

6.1CVSS6AI score0.00225EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/03 12:0 a.m.9 views

EUVD-2025-208245

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...

6.6AI score0.0053EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/20 4:32 a.m.36 views

CVE-2026-2822 JeecgBoot Backend airag_app,1,create_by sql injection

A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airagapp,1,createby of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be...

6.5CVSS0.00361EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.14 views

PT-2026-7327

Name of the Vulnerable Software and Affected Versions Worklenz versions prior to 2.1.7 Description Worklenz, a project management tool, contains multiple SQL injection flaws in its backend SQL query construction. These flaws affect project and task management controllers, reporting and financial...

8.8CVSS5.6AI score0.00354EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/02/09 8:48 p.m.6 views

CVE-2026-25876 PlaciPy is Missing Authorization on Assessment Results Endpoint

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 12:0 a.m.8 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.9AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 12:0 a.m.3 views

CVE-2025-52026

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 ...

5.9AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.14 views

PT-2026-4527

Name of the Vulnerable Software and Affected Versions Gems Loyalty PHP Backend versions through 2025-05-28 Description A flaw exists in the PHP backend of gemsloyalty.aptsys.com.sg that permits unauthenticated remote attackers to initiate detailed error messages. These messages reveal internal fi...

5.3CVSS5.5AI score0.00407EPSS
Exploits0References7
CVE
CVE
added 2026/01/10 3:14 a.m.13 views

CVE-2025-61674

CVE-2025-61674 concerns October CMS. An XSS vulnerability exists in backend configuration forms where a user with Global Editor Settings can inject HTML/JS into the Markup Styles stylesheet input. A crafted input can escape the context, enabling arbitrary script execution on backend pages for al...

6.1CVSS5.5AI score0.00183EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/09 6:12 p.m.2 views

GHSA-GXXC-M74C-F48X October CMS Vulnerable to Stored XSS via Editor and Branding Styles

A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...

6.1CVSS6.1AI score0.00183EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.4 views

CVE-2020-24930

Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files...

8.1CVSS7.2AI score0.01092EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.7 views

CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

9.8CVSS6.5AI score0.00689EPSS
Exploits0References1
Huntr
Huntr
added 2025/12/29 5:53 p.m.6 views

Unauthenticated File Upload in LollMS

Executive Summary A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...

9.8CVSS5.8AI score0.0043EPSS
Exploits1
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.10 views

FantasticLBP Hotels Server SQL注入漏洞

FantasticLBP Hotels Server is a hotel reservation system backend management system by FantasticLBP individual developers. FantasticLBP Hotels Server suffers from a SQL injection vulnerability, which stems from the incorrect manipulation of the parameter telephone in the file...

9.8CVSS7.8AI score0.00368EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/26 6:55 p.m.8 views

CVE-2025-65960

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

6.6CVSS7.2AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 8:43 p.m.5 views

EUVD-2025-199633

Contao is vulnerable to remote code execution in template closures...

6.6CVSS7.6AI score0.00159EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/08 9:32 p.m.2 views

CVE-2025-12914 aaPanel BaoTa Backend database sql injection

A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been...

5.8CVSS5AI score0.00248EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-1950

Malware in sbrugna...

2.1CVSS6.1AI score0.00379EPSS
Exploits0References13
Rows per page
Query Builder