Lucene search
K

2125 matches found

Cvelist
Cvelist
added 2025/11/26 12:0 a.m.8 views

CVE-2025-65236

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

0.00392EPSS
Exploits1References3
CVE
CVE
added 2025/11/26 12:0 a.m.10 views

CVE-2025-65236

CVE-2025-65236 affects OpenCode Systems USSD Gateway OC Release 5. The issue is a SQL injection via the Session ID parameter in the endpoint /occontrolpanel/index.php . CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impacts incl...

9.8CVSS8AI score0.00392EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.3 views

PT-2025-48158

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

8.4AI score0.00392EPSS
Exploits1References4
NVD
NVD
added 2025/11/11 11:15 a.m.7 views

CVE-2025-12539

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...

10CVSS0.00952EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/11 11:3 a.m.7 views

CVE-2025-12539 TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...

10CVSS6.8AI score0.00952EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/10 10:17 p.m.7 views

CVE-2025-64519 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

8.8CVSS0.00376EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/10 9:30 p.m.5 views

EUVD-2025-50812

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topicid parameter...

8.8CVSS7.4AI score0.00376EPSS
Exploits1References3
OSV
OSV
added 2025/11/10 9:30 p.m.1 views

GHSA-4RWR-8C3M-55F6 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

Summary An authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying a malicious topicid t parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to t...

8.8CVSS6.1AI score0.00376EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/10 9:30 p.m.10 views

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

Summary An authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying a malicious topicid t parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to t...

8.8CVSS6.1AI score0.00376EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.4 views

PocketVJ CP 安全漏洞

PocketVJ CP is a control panel software by magdesign individual developers. A security vulnerability exists in PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1, which stems from the submitopacity.php component failing to clean up user input for the capacityValue POST parameter, which could allow a...

9.8CVSS7.5AI score0.01054EPSS
Exploits1References2
CVE
CVE
added 2025/11/05 12:0 a.m.38 views

CVE-2025-63334

PocketVJ CP pvj version 3.9.1 is affected by an unauthenticated remote code execution in submit_opacity.php. The vulnerability is caused by failure to sanitize the opacityValue POST parameter, which is passed to a shell command, enabling remote attackers to execute arbitrary commands with root pr...

9.8CVSS8.4AI score0.01054EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/29 5:49 p.m.5 views

EUVD-2025-36690

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

8.6CVSS6.3AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/15 1:23 a.m.5 views

EUVD-2018-21604

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

9.3CVSS6.5AI score0.00402EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.4 views

Vesta Control Panel 安全漏洞

Vesta Control Panel VestaCP is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version ee03eff and prior versions, which stems from embedded malicious code that could lead to a supply chain attack and administrator credential disclosure...

9.3CVSS6.7AI score0.00402EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-18366

Malware in sbrugna...

7.8CVSS7.7AI score0.00363EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2000-1010

Malware in sbrugna...

7.5CVSS6.4AI score0.08644EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2018-18365

Malware in sbrugna...

7.8CVSS7.7AI score0.00474EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-13996

Malware in sbrugna...

5.5CVSS5.6AI score0.01413EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-19200

Malware in sbrugna...

6.1CVSS6.3AI score0.01324EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-4231

Malware in sbrugna...

7.5CVSS6.4AI score0.0134EPSS
Exploits1References3
Rows per page
Query Builder