1023 matches found
EUVD-2026-5571
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
Payload 安全漏洞
Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.74.0 have a security vulnerability. This vulnerability stems from an insecure direct object reference within the payload-preferences collection. In environments...
📄 Xhibiter NFT Marketplace 1.10.2 SQL Injection
Xhibiter NFT Marketplace versions 1.10.2 and below suffer from a time-based remote blind SQL injection vulnerability in the id parameter of the /collections endpoint...
📄 Cockpit CMS 0.13.0 Cross Site Scripting
Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...
Exploit for CVE-2024-58290
CVE-2024-58290-Xhibiter-SQLi Proof of Concept PoC for SQL In...
MiracleLinux 7 : apache-commons-collections-3.2.1-22.el7 (AXSA:2015-834:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-834:01 advisory. The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures ha...
MiracleLinux 4 : jakarta-commons-collections-3.2.1-3.5.AXS4 (AXSA:2015-832:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-832:01 advisory. The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures ha...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)
Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
EUVD-2024-55341
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 (and below) is affected by a SQL injection in the /collections endpoint via the id parameter. Exploitation is described as boolean-based, time-based, and UNION-based injections that can potentially exfiltrate or manipulate database information. A PoC/exploit exists...
PT-2025-50744
Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...
DeoThemes Xhibiter NFT Marketplace SQL注入漏洞
DeoThemes Xhibiter NFT Marketplace is a website builder from DeoThemes, Inc. A SQL injection vulnerability exists in DeoThemes Xhibiter NFT Marketplace version 1.10.2, which originates from an SQL injection in the id parameter in the collections endpoint, which could lead to the disclosure or...
CVE-2025-65097
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...
CVE-2025-65096
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership...
CVE-2025-65097
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...