Lucene search
+L

223 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:33 a.m.23 views

CVE-2023-6035

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks...

8.8CVSS7.7AI score0.00853EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/21 8:38 p.m.8 views

CVE-2002-2319

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the 1 LOGIN, 2 DATA, and 3 MESS parameters, which are inserted into news.php3...

7.5CVSS7.5AI score0.0225EPSS
Exploits1References1
OSV
OSV
added 2025/05/08 12:15 p.m.7 views

CVE-2025-2806

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

6.1CVSS6AI score0.00277EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.6 views

WordPress plugin tagDiv Composer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS7.8AI score0.00277EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/02 12:8 a.m.15 views

CVE-2025-45011

A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter...

5.3CVSS8.1AI score0.00283EPSS
Exploits1References1
CNVD
CNVD
added 2025/04/30 12:0 a.m.2 views

Rail Pass Management System /admin/search-pass.php File SQL Injection Vulnerability

Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that occurs when the searchdata parameter in the /admin/search-pass.php file is not properly filtered. An attacker can exploit this vulnerability to obtain...

9.8CVSS7.6AI score0.00438EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.7 views

PHPGurukul Nipah virus Testing Management System 注入漏洞

Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file...

9.8CVSS8.2AI score0.00428EPSS
Exploits1References5
Patchstack
Patchstack
added 2025/03/26 7:4 p.m.7 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability

Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.0...

7.2CVSS7.3AI score0.00816EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/26 11:55 a.m.16 views

CVE-2025-1913 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter This makes it possible for authenticated attacker...

7.2CVSS7.5AI score0.00816EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/03/24 8:42 a.m.7 views

WordPress Export and Import Users and Customers plugin <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability

Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Import Export WordPress Users versions = 2.6.2...

7.2CVSS9.1AI score0.0069EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/03/19 9:30 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the openResultToast function in InfoItemActionHandler.js, accessible via layout-taglib/liferay/index.js. An attacker can inject scripts by manipulating the toastData parameter. Details Cross-site scripting or...

6.1CVSS5.3AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A cross-site scripting vulnerability exis...

6.1CVSS5.9AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/19 12:0 a.m.5 views

Curfew e-Pass Management System /admin/search-pass.php File SQL Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. The Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /admin/search-pass.php file parameter searchdata. An...

9.8CVSS8.3AI score0.00487EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/22 12:0 a.m.10 views

PT-2025-7403 · WordPress · Mambo Importer

Name of the Vulnerable Software and Affected Versions: Mambo Importer plugin for WordPress versions up to, and including, 1.0 Description: The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input via the data parameter in the fImportMenu...

7.2CVSS9.7AI score0.0062EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 10:2 a.m.15 views

CVE-2024-3551

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any...

9.8CVSS7.8AI score0.00689EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.6 views

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the qosdat parameter of the qos.cgi qossettings function that fails to properly validate the length of the input data, which can be exploited by an...

9.1CVSS8.1AI score0.00845EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.8 views

PT-2025-2579 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos settings functionality. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an...

9.1CVSS7.5AI score0.00845EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.9 views

PT-2025-3843 · Unknown · Campcodes Deped Equipment Inventory System

Name of the Vulnerable Software and Affected Versions: CampCodes DepEd Equipment Inventory System version 1.0 Description: A vulnerability was found in the system, rated as problematic. It affects the processing of the file /data/add employee.php, where the manipulation of the data argument leads...

5.4CVSS4.4AI score0.00456EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.4 views

PT-2025-1722 · WordPress · Cost Calculator Builder

Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder PRO plugin for WordPress versions up to, and including, 3.2.15 Description: The issue is related to blind time-based SQL Injection via the data parameter due to insufficient escaping on the user-supplied parameter and...

7.5CVSS8.1AI score0.00453EPSS
Exploits0References8
CNVD
CNVD
added 2024/12/30 12:0 a.m.2 views

Maid Hiring Management System search-booking-request.php file cross-site scripting vulnerability

Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that stems from the lack of adequate validation and filtering of searchdata parameter inputs in the file /admin/search-booking-request.php. No details ...

6.1CVSS4AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder