Lucene search
K

126 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-27604

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.01195EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-22819

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00584EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22817

Malicious code in bioql PyPI...

9.8CVSS4.9AI score0.0057EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27613

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00649EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27178

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00351EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-22816

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00614EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2025-22573

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00347EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22569

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00548EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/09/12 8:47 p.m.12 views

CVE-2025-10211

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...

6.5CVSS6.6AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/12 7:23 p.m.28 views

CVE-2025-10210

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

8.8CVSS6.9AI score0.01195EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/12 12:0 a.m.2 views

ChanCMS SQL Injection Vulnerability

ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...

8.8CVSS7AI score0.01195EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/12 12:0 a.m.3 views

ChanCMS Server-Side Request Forgery Vulnerability

ChanCMS is a content management system. ChanCMS 3.3.0 version of the existence of server-side request forgery vulnerability, the vulnerability stems from the file / cms/collect/getArticle in the function CollectController parameter taskUrl does not implement a sufficient validation mechanism to...

6.5CVSS6.5AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 11:17 p.m.5 views

CVE-2025-10110

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

8.8CVSS6.4AI score0.00306EPSS
Exploits1References1
NVD
NVD
added 2025/09/10 8:15 p.m.5 views

CVE-2025-10211

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...

6.5CVSS0.00649EPSS
Exploits0References5
OSV
OSV
added 2025/09/10 8:15 p.m.3 views

CVE-2025-10211

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...

5.3CVSS5.5AI score0.00649EPSS
Exploits0References5
CVE
CVE
added 2025/09/10 8:2 p.m.22 views

CVE-2025-10211

ChanCMS 3.3.0 contains a server-side request forgery in the CollectController, triggered by manipulating the taskUrl parameter in /cms/collect/getArticle. The issue allows remote attackers to make arbitrary requests from the server. Public disclosures and a Nuclei template detail this SSRF, descr...

6.5CVSS6.4AI score0.00649EPSS
In wildExploits0References5Affected Software1
OSV
OSV
added 2025/09/10 7:15 p.m.5 views

CVE-2025-10210

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

8.8CVSS6.4AI score0.01195EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/10 7:2 p.m.4 views

CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS6.5AI score0.01195EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/10 7:2 p.m.23 views

CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS0.01195EPSS
Exploits0References5
CVE
CVE
added 2025/09/10 7:2 p.m.29 views

CVE-2025-10210

ChanCMS up to version 3.3.0 contains a SQL injection in the Search function (app/modules/api/service/Api.js) caused by manipulation of the key argument. The issue is exploitable remotely, and public PoC/exploit material exists; the vendor has not responded. A remediation is needed: upgrade to the...

8.8CVSS6.5AI score0.01195EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder