10 matches found

CVE
added 3 days ago, 10 views

CVE-2026-10284

The CVE-2026-10284 entry concerns DevaslanPHP Project-Management up to version 2.0.0-beta1. The vulnerability affects the Livewire Handler component, specifically the editComment and doDeleteComment functions within app/Filament/Resources/TicketResource/Pages/ViewTicket.php. The root cause is imp...

CVSS 5.5 | AI score 5.5 | EPSS 0.00043
Exploits: 0 | References: 6

Positive Technologies
added 3 days ago, 6 views

PT-2026-45549

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

CVSS 5.5 | AI score 5.5 | EPSS 0.00043
Exploits: 0 | References: 7

NVD
added 2008/12/08 11:30 p.m., 9 views

CVE-2008-5376

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.tag.tmp temporary file...

CVSS 6.9 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 2

UbuntuCve
added 2008/12/08 11:30 p.m., 16 views

CVE-2008-5376

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.tag.tmp temporary file...

CVSS 6.9 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 1

Cvelist
added 2008/12/08 11:0 p.m., 13 views

CVE-2008-5376

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.tag.tmp temporary file...

AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 2

CVE
added 2008/12/08 11:0 p.m., 44 views

CVE-2008-5376

In Crip 3.7, a local-privilege vulnerability exists: editcomment allows local users to overwrite arbitrary files through a symlink attack on a /tmp/*.tag.tmp temporary file. Root cause is improper handling of temp file creation/overwrite, enabling a symlink to redirect writes. The CVE entry note...

CVSS 6.9 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2007/06/06 1:30 a.m., 13 views

SQL injection

SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862...

CVSS 7.5 | AI score 8.7 | EPSS 0.00835
Exploits: 1 | References: 5 | Affected Software: 1

0day.today
added 2007/06/01 12:0 a.m., 12 views

Particle Gallery <= 1.0.1 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications. Particle Gallery setvar"COMMENTID", ""; if $GET"editcomment" "" $sql = "SELECT FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure$GET"editcomment"; $cme = $db-execute$sql; i...

AI score 7.1
Exploits: 0

CVE
added 2005/06/14 4:0 a.m., 42 views

CVE-2005-1948

CVE-2005-1948 affects Invision Gallery prior to 1.3.1. The product is vulnerable to multiple SQL injection flaws via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo, due to improper sanitization of user-supplied data. Remote attackers could ex...

CVSS 7.5 | AI score 8.5 | EPSS 0.00359
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2005/06/09 4:0 a.m., 11 views

CVE-2005-1948

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo...

CVSS 7.5 | AI score 8.5 | EPSS 0.00359
Exploits: 1 | References: 3