Lucene search
K

902 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/13 9:22 p.m.2 views

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

3.8CVSS5.8AI score0.00198EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/13 9:22 p.m.5 views

EUVD-2026-12175

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

3.8CVSS5.8AI score0.00198EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25396

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

3.8CVSS5.8AI score0.00198EPSS
Exploits1References7
OSV
OSV
added 2026/03/10 6:28 p.m.3 views

GO-2026-4568 Curio exposes database credentials to users with network access through verbose HTTP error responses in github.com/filecoin-project/curio

Curio exposes database credentials to users with network access through verbose HTTP error responses in github.com/filecoin-project/curio...

5.8AI score
Exploits0References4
EUVD
EUVD
added 2026/03/09 8:50 p.m.6 views

EUVD-2026-10357

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

9.6CVSS5.9AI score0.00267EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/06 3:31 p.m.6 views

EUVD-2018-21651

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...

8.8CVSS6.1AI score0.0036EPSS
Exploits1References3
NVD
NVD
added 2026/03/06 1:16 p.m.6 views

CVE-2018-25199

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...

9.8CVSS0.0036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.4 views

CVE-2018-25199

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...

8.8CVSS6.1AI score0.0036EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/06 12:19 p.m.10 views

CVE-2018-25171

EdTv 2 contains an SQL injection vulnerability exploitable by unauthenticated attackers via the id parameter in GET requests to admin/edit_source, enabling extraction of database information (schemas, credentials, version). The issue is triggered by crafted SQL UNION statements. Public references...

8.8CVSS6.1AI score0.00281EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:18 p.m.3 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23708

Name of the Vulnerable Software and Affected Versions OOP CMS BLOG version 1.0 Description The software contains SQL injection flaws that permit unauthenticated attackers to execute arbitrary SQL queries through multiple parameters. Attackers can inject SQL commands via the search parameter in...

9.8CVSS6.1AI score0.0036EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.9 views

Phpmassmail EverSync 安全漏洞

Phpmassmail EverSync is a synchronization tool developed by the Phpmassmail company. Version 0.5 of Phpmassmail EverSync contains a security vulnerability. This vulnerability stems from the existence of arbitrary files in the files directory, which may lead to the download of database files...

8.7CVSS5.9AI score0.00266EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/04 6:34 a.m.173 views

Exploit for SQL Injection in Dbgpt Db-Gpt

DBGPT Unauthenticated Information Disclosure & SQL Execution P...

9.8CVSS7.6AI score0.01083EPSS
Exploits2
OSV
OSV
added 2026/03/03 6:16 p.m.3 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS5.8AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/03/03 6:16 p.m.8 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.5 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS6AI score0.00235EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/26 10:48 p.m.4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation Upgrade...

7.1CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/02/26 10:48 p.m.2 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation Upgrade...

7.1CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/26 10:48 p.m.8 views

Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

5.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/26 10:48 p.m.3 views

GHSA-GJ6X-Q8RH-WJ6X Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

7.1CVSS6AI score
Exploits0References5
Rows per page
Query Builder