Lucene search
K

62 matches found

CVE
CVE
added 2025/08/20 6:2 p.m.21 views

CVE-2025-9238

CVE-2025-9238 affects the Swatadru Exam-Seating-Arrangement, specifically the Student Login component where the vulnerable function resides in the file /student.php. Manipulating the email argument can lead to a SQL injection, with remote exploitation possible. Multiple sources (NVD, Red Hat, CVE...

7.5CVSS7.4AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.8 views

PT-2025-33455 · Sourcecodester · Sourcecodester Online Dj Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in SourceCodester Online Bank Management System up to version 1.0. The issue affects unknown code within the /bank/transfer.php file. Manipulation of...

9.8CVSS8AI score0.00463EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/08/13 8:2 p.m.12 views

CVE-2025-8927 mtons mblog Verification Code send_code excessive authentication

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

6.3CVSS0.00636EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2025/04/15 12:0 a.m.167 views

📄 Plane 0.23.1 Server-Side Request Forgery

Plane version 0.23.1 suffers from a server-side request forgery vulnerability. Exploit Title: Plane - Server side request forgery SSRF Date: 2024-01-13 Exploit Author: Saud Alenazi Vendor Homepage: https://plane.so Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1 Version:...

7.1AI score
Exploits0
OSV
OSV
added 2025/01/21 9:15 p.m.7 views

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

5.4CVSS5.8AI score0.00776EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.7 views

CTFd 安全漏洞

CTFd is a Capture The Flag framework open-sourced by CTFd. A security vulnerability exists in CTFd version 3.7.3, which stems from a vulnerability that allows an attacker to trigger a Regular Expression Denial of Service ReDoS by supplying a crafted string as an email address during registration...

7.5CVSS6.6AI score0.00694EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2024/09/11 12:0 a.m.274 views

Printable Staff ID Card Creator System 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : printable staff id card creator system 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
OSV
OSV
added 2024/06/18 9:15 p.m.2 views

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

3.7CVSS4.5AI score0.00605EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.4 views

Pharmacy/Medical Store Point of Sale System SQL Injection Vulnerability

Pharmacy/Medical Store Point of Sale System is a pharmacy/pharmacy point of sale POS system by fkgeo Personal Developer. A SQL injection vulnerability exists in the Pharmacy/Medical Store Point of Sale System version 1.0, which stems from insufficient validation of user input for the email and...

9.8CVSS8AI score0.00524EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/20 12:0 a.m.4 views

PT-2024-40250 · Passbolt · Passbolt

Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue allows a user to inject bash code during the installation stage of Passbolt, as the system does not perform escaping or verification on the input provided for the username, e-mai...

8.1CVSS7.1AI score
Exploits0References5
NVD
NVD
added 2024/03/28 7:15 p.m.13 views

CVE-2024-31063

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...

6.4CVSS7AI score0.00896EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/28 12:0 a.m.12 views

CVE-2024-31063

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...

7.3AI score0.00896EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.5 views

PT-2024-23743 · Unknown · Insurance Management System

Name of the Vulnerable Software and Affected Versions: Insurance Mangement System versions 1.0.0 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the Email input field. This is a Cross Site Scripting vulnerability. Recommendations: For Insurance Mangement...

6.4CVSS7.4AI score0.00896EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.6 views

PT-2024-22390 · Unknown · Campcodes Online Shopping System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping System version 1.0 Description: A vulnerability was found in the file /offersmail.php, where the manipulation of the email argument leads to cross-site scripting. The attack can be initiated remotely. Recommendations...

6.1CVSS6.6AI score0.00507EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-15748 · WordPress · The Ninja Forms Contact Form – The Drag/Drop Form Builder For Wordpress

Name of the Vulnerable Software and Affected Versions: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress versions up to, and including, 3.7.1 Description: The issue is related to Second Order SQL Injection via the email address value submitted throug...

9.8CVSS10AI score0.00778EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/10/18 1:2 a.m.3 views

SUSE CVE-2023-45150

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...

4.3CVSS6.8AI score0.00386EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.4 views

Nextcloud Resource Management Error Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud calendar version 1.0.0 and later versions, which stems from a lack of precondition checking,...

4.3CVSS6.9AI score0.00386EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/07 12:0 a.m.3 views

Event Management System 跨站脚本漏洞

Event Management System is an event management system. A cross-site scripting XSS vulnerability exists in SourceCodester Royale Event Management System version 1.0, which originates from an unknown function in the file /royalevent/companyprofile.php, where manipulation of the parameters...

6.1CVSS3.9AI score0.00657EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.4 views

Pharmacy Management System SQL注入漏洞

Pharmacy Management System MPMS is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from the electronic email and password in login.php Lack of validation of externally entered SQL...

9.8CVSS6.1AI score0.00804EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/07/06 7:27 p.m.77 views

Improper handling of email input

Impact An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: [email protected], Before signing in, claim your money!. This was previously sent to...

7.1CVSS6.1AI score0.01051EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder