
448 matches found

CNNVD
added 2025/10/02 12:0 a.m. | 4 views

AndSoft e-TMS SQL Injection Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter USRMAIL in the file /inc/login/TRACKREQUESTFRMSQL.ASP. An attacker can...

CVSS 9.8 | AI score 7.9 | EPSS 0.00329
Exploits: 0 | References: 1
CNVD
added 2025/09/25 12:0 a.m. | 4 views

E-Commerce Website /pages/admin_account_delete.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the userid parameter in the file /pages/admin_account_delete.php. An attacker can exploit this vulnerabilit...

CVSS 9.8 | AI score 8.2 | EPSS 0.00543
Exploits: 1 | References: 1
Cvelist
added 2025/09/22 3:14 p.m. | 7 views

CVE-2025-36202 IBM webMethods Integration code execution

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

CVSS 7.5 | EPSS 0.00316
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/22 12:0 a.m. | 6 views

PT-2025-38725

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration versions 10.15 and 11.1. Description: An authenticated user with execute Services permissions may be able to execute commands on the system. This is due to improper validation of format string strings received from an...

CVSS 7.5 | AI score 6.7 | EPSS 0.00316
Exploits: 0 | References: 4
CNVD
added 2025/09/08 12:0 a.m. | 4 views

appRain CMF SQL Injection Vulnerability (CNVD-2025-21132)

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-dynamic-pages/create. An attacker could use this...

CVSS 9.8 | AI score 7.9 | EPSS 0.00353
Exploits: 0 | References: 1
NVD
added 2025/09/03 1:15 p.m. | 9 views

CVE-2025-53693

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning. This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

CVSS 9.8 | EPSS 0.13782
Exploits: 3 | References: 2
OSV
added 2025/09/03 1:15 p.m. | 2 views

CVE-2025-53693

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning. This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

CVSS 9.8 | AI score 5.8 | EPSS 0.13782
Exploits: 3 | References: 2
CNVD
added 2025/08/20 12:0 a.m. | 5 views

Job Diary user-apply.php file SQL Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter jobtitle in the file /user-apply.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...

CVSS 9.8 | AI score 8.3 | EPSS 0.00409
Exploits: 1 | References: 1
CNNVD
added 2025/08/13 12:0 a.m. | 5 views

WellChoose Organization Portal System SQL Injection Vulnerability

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a SQL injection vulnerability that arises from the application's lack of validation of externally entered SQL statements. The...

CVSS 7.5 | AI score 8.2 | EPSS 0.00356
Exploits: 0 | References: 3
RedHat Linux
added 2025/08/01 5:42 p.m. | 4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8 | AI score 7.6 | EPSS 0.01495
Exploits: 1 | References: 8
OSV
added 2025/08/01 1:3 p.m. | 2 views

OESA-2025-1934 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

CVSS 9.8 | AI score 6.6 | EPSS 0.00472
Exploits: 0 | References: 10
OSV
added 2025/08/01 1:3 p.m. | 6 views

OESA-2025-1933 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

CVSS 9.8 | AI score 6.6 | EPSS 0.00472
Exploits: 0 | References: 10
CNNVD
added 2025/07/30 12:0 a.m. | 4 views

code-projects Exam Form Submission Injection Vulnerability

Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/deletes8.php. An attacker can exploit this vulnerability to execute illegal SQL commands...

CVSS 9.8 | AI score 8.2 | EPSS 0.00498
Exploits: 1 | References: 5
CNNVD
added 2025/07/29 12:0 a.m. | 4 views

SonicWALL SonicOS SSLVPN Format String Error Vulnerability

SonicWALL SonicOS SSLVPN is a virtual private network for secure remote access from SonicWALL USA. A Formatting String Error vulnerability exists in SonicWALL SonicOS SSLVPN that originates from an externally controlled formatting string and could result in a service interruption...

CVSS 9.8 | AI score 5.9 | EPSS 0.00875
Exploits: 0 | References: 1
CNVD
added 2025/07/18 12:0 a.m. | 3 views

Modern Bag product-detail.php file SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /product-detail.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal S...

CVSS 9.8 | AI score 8.2 | EPSS 0.00454
Exploits: 1 | References: 1
CNNVD
added 2025/07/08 12:0 a.m. | 2 views

Code-Projects Chat System Injection Vulnerability

Chat System is a chat system. Chat System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter msg in the file /user/sendmessage.php. An attacker can exploit this vulnerability to execute illegal SQL commands...

CVSS 8.8 | AI score 7 | EPSS 0.00361
Exploits: 1 | References: 6
CNNVD
added 2025/07/08 12:0 a.m. | 4 views

Code-Projects Jonnys Liquor Injection Vulnerability

jonnys Liquor is a content and management system. jonnys Liquor suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /browse.php. An attacker can exploit this vulnerability to execute illeg...

CVSS 9.8 | AI score 8.1 | EPSS 0.00399
Exploits: 1 | References: 6
CNNVD
added 2025/07/08 12:0 a.m. | 6 views

PHPGurukul Zoo Management System Security Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 8.2 | EPSS 0.01721
Exploits: 1 | References: 1
CNVD
added 2025/07/04 12:0 a.m. | 5 views

Inventory Management System removeUser.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the userid parameter in the file /phpaction/removeUser.php. An attacker can...

CVSS 9.8 | AI score 7.9 | EPSS 0.00399
Exploits: 1 | References: 1
CNVD
added 2025/06/27 12:0 a.m. | 4 views

Online Bidding System bidlog.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /bidlog.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8 | AI score 8.2 | EPSS 0.00394
Exploits: 1 | References: 1