Lucene search
K

27 matches found

NVD
NVD
added 2026/07/06 10:16 p.m.6 views

CVE-2026-42153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS0.00359EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:30 p.m.5 views

CVE-2026-42153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS6AI score0.00359EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.15 views

CVE-2026-9721

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51703

Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...

4.3CVSS5.6AI score0.00103EPSS
Exploits0References9
CVE
CVE
added 2026/04/15 10:54 a.m.46 views

CVE-2026-30778

CVE-2026-30778 affects Apache SkyWalking OAP where the /debugging/config/dump endpoint may leak sensitive configuration data (including MySQL/PostgreSQL-related details) in versions 9.7.0 through 10.3.0. The exposure is tied to the configuration dump functionality, potentially revealing credentia...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-2808

Malware in sbrugna...

9.8CVSS9.5AI score0.01035EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11440

Malware in sbrugna...

5.4CVSS5.5AI score0.00624EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.8 views

CVE-2021-24528

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...

5.4CVSS5.5AI score0.00624EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2025/04/27 12:0 a.m.7 views

The vulnerability of the LockDatabaseSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions and gain access to write and read arbitrary files.

The vulnerability of the LockDatabaseSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

9CVSS5.7AI score0.00594EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the UpdateDatabaseSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the UpdateDatabaseSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...

9CVSS6.7AI score0.00732EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

CVE-2025-32852

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fro...

8.7CVSS5.8AI score0.00594EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

CVE-2025-30032

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.7CVSS5.8AI score0.00732EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.5 views

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UnlockDatabaseSettings, which can be exploited by an attacker to bypas...

8.8CVSS8.4AI score0.00594EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.358 views

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Title = Carbon Forum 5.9.0 - Multiple Exploits - Author = bRpsd [email protected] - Date Release = 22 June, 2024 - Vendor = Carbon Forum https://www.94cb.com/ Download = https://github.com/lincanbin/Carbon-Forum Vulnerable Versions = 5.9.0 = Tested Version = 5.9.0 on xampp Server. Vulnerability 1 :...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2023/06/19 12:0 a.m.20 views

CVE-2023-35866

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...

5.9AI score0.00239EPSS
Exploits0References5
Prion
Prion
added 2023/03/27 9:15 p.m.22 views

Directory traversal

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...

4CVSS6.5AI score0.08826EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/30 2:11 p.m.26 views

CVE-2021-24528 FluentSMTP < 2.0.1 - Authenticated Stored XSS

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...

5.5AI score0.00624EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2021/04/08 12:0 a.m.22 views

PostgreSQL: Database settings for Compliance Tests

Allows to set various PostgreSQL database settings used for compliance tests. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2AI score
Exploits0
Prion
Prion
added 2017/07/12 9:29 p.m.21 views

Sql injection

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

7.5CVSS9.7AI score0.01035EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/07/12 9:0 p.m.19 views

CVE-2017-11174

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

9.9AI score0.01035EPSS
Exploits0References1
Rows per page
Query Builder