Lucene search
K

1023 matches found

EUVD
EUVD
added 2026/02/06 9:4 p.m.6 views

EUVD-2026-5571

Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...

5.4CVSS5.3AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

Payload 安全漏洞

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.74.0 have a security vulnerability. This vulnerability stems from an insecure direct object reference within the payload-preferences collection. In environments...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/02/06 12:0 a.m.165 views

📄 Xhibiter NFT Marketplace 1.10.2 SQL Injection

Xhibiter NFT Marketplace versions 1.10.2 and below suffer from a time-based remote blind SQL injection vulnerability in the id parameter of the /collections endpoint...

9.3CVSS5.7AI score0.0032EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.138 views

📄 Cockpit CMS 0.13.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...

5.2AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/21 3:50 p.m.163 views

Exploit for CVE-2024-58290

CVE-2024-58290-Xhibiter-SQLi Proof of Concept PoC for SQL In...

9.3CVSS6.5AI score0.0032EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.10 views

MiracleLinux 7 : apache-commons-collections-3.2.1-22.el7 (AXSA:2015-834:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-834:01 advisory. The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures ha...

10CVSS7AI score0.83274EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 4 : jakarta-commons-collections-3.2.1-3.5.AXS4 (AXSA:2015-832:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-832:01 advisory. The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures ha...

10CVSS7AI score0.83274EPSS
Exploits8References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 6:56 p.m.13 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)

Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...

9.8CVSS8.1AI score0.18763EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 5:25 a.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or...

8.4CVSS8AI score0.25151EPSS
Exploits14Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 10:17 p.m.6 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS7.7AI score0.0032EPSS
Exploits2References1
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2024-55341

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS7.2AI score0.0032EPSS
Exploits2References4
NVD
NVD
added 2025/12/11 10:15 p.m.3 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS0.0032EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/12/11 9:34 p.m.5 views

CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS7.3AI score0.0032EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/12/11 9:34 p.m.20 views

CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS0.0032EPSS
Exploits2References3
CVE
CVE
added 2025/12/11 9:34 p.m.13 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 (and below) is affected by a SQL injection in the /collections endpoint via the id parameter. Exploitation is described as boolean-based, time-based, and UNION-based injections that can potentially exfiltrate or manipulate database information. A PoC/exploit exists...

9.3CVSS7.3AI score0.0032EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50744

Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...

9.3CVSS7.5AI score0.0032EPSS
Exploits2References8
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.7 views

DeoThemes Xhibiter NFT Marketplace SQL注入漏洞

DeoThemes Xhibiter NFT Marketplace is a website builder from DeoThemes, Inc. A SQL injection vulnerability exists in DeoThemes Xhibiter NFT Marketplace version 1.10.2, which originates from an SQL injection in the id parameter in the collections endpoint, which could lead to the disclosure or...

9.3CVSS7.6AI score0.0032EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/12/04 8:12 p.m.3 views

CVE-2025-65097

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...

7.1CVSS6.7AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/04 8:12 p.m.4 views

CVE-2025-65096

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership...

5.3CVSS6.7AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2025/12/03 8:16 p.m.8 views

CVE-2025-65097

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...

7.1CVSS0.00181EPSS
Exploits0References1
Rows per page
Query Builder