Lucene search
K

448 matches found

CNVD
CNVD
added 2025/06/27 12:0 a.m.2 views

Car Rental System message_admin.php File SQL Injection Vulnerability

Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the messageadmin.php file's parameter Message. An attacker can use this vulnerability to execute illegal SQL commands...

9.8CVSS8AI score0.00394EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/27 12:0 a.m.3 views

Online Shoe Store cart.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter qty in the file /cart.php. The vulnerability can be exploited to execute illegal SQL...

9.8CVSS7.9AI score0.00394EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.5 views

Code-Projects Inventory Management System 安全漏洞

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the editCategoriesName parameter in the /phpaction/editCategories.php file for externally entered SQL statements. An...

9.8CVSS8.2AI score0.00399EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.5 views

Code-Projects Simple Pizza Ordering System 注入漏洞

Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /addmem.php. An attacker can exploit this vulnerability to execute illegal...

9.8CVSS8.1AI score0.00399EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.5 views

PHPGurukul Hostel Management System 注入漏洞

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the Username parameter of the /includes/login-hm.inc.php file. An attacker can use this...

9.8CVSS7.8AI score0.00421EPSS
Exploits1References7
CNVD
CNVD
added 2025/06/17 12:0 a.m.4 views

School Fees Payment System datatable.php File SQL Injection Vulnerability

School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter sSortDir0 in the file /datatable.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00421EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/30 12:0 a.m.3 views

Employee Record Management System /myprofile.php File SQL Injection Vulnerability

Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter EmpCode in the file /myprofile.php. An attacker...

9.8CVSS8.3AI score0.00412EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.5 views

CVE-2021-37130

There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly valida...

7.5CVSS7.1AI score0.00828EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.3 views

CampCodes Sales and Inventory System 注入漏洞

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. The CampCodes Sales and Inventory System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter Name in the file /pages/supplieradd.php for externally entered SQL...

9.8CVSS8.1AI score0.00421EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.4 views

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to cause a data leak or complete database corruption...

10CVSS7.9AI score0.00496EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/31 4:42 p.m.3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' through the system's Content staging feature. An...

8.7CVSS7AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2025/02/11 5:15 p.m.2 views

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

6.7CVSS6.1AI score0.00234EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/28 12:0 a.m.14 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Tcpreplay vulnerabilities (USN-7231-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7231-1 advisory. It was discovered that Tcpreplay incorrectly handled memory when using the tcprewrite utility. A remote...

7.5CVSS6.6AI score0.01506EPSS
Exploits9References10
BDU FSTEC
BDU FSTEC
added 2025/01/09 12:0 a.m.6 views

The vulnerability of the Addressing system’s plugin for requests, incidents, and inventory management of computer equipment in GLPI arises from the use of an external controlled input for selecting classes or codes. This allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the addressing plugin in the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the use of an external controlled input for selecting classes or codes. Exploiting this vulnerability can allow a malicious actor to gain unauthorized...

8.5CVSS5.5AI score0.00502EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.3 views

TaskMatic 安全漏洞

TaskMatic is an automation assistant from TaskMatic. TaskMatic version 1.0 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

8.8CVSS8.2AI score0.0065EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.8 views

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

...

7.5CVSS7.7AI score0.02278EPSS
Exploits1
Redos
Redos
added 2024/08/06 12:0 a.m.18 views

ROS-20240806-06

Vulnerability of ruby-find-library-file function of EMACS text editor is related to incorrect neutralization of special elements. neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the lib-src/etags.c file of th...

9.8CVSS8AI score0.01639EPSS
Exploits0
CNVD
CNVD
added 2024/07/29 12:0 a.m.6 views

Tailoring Management System SQL Injection Vulnerability

Tailoring Management System is itsourcecode open source a tailoring management system . Tailoring Management System version 1.0 SQL injection vulnerability , the vulnerability stems from the parameter title lack of validation of external input SQL statements . An attacker can exploit this...

9.8CVSS7.9AI score0.0062EPSS
Exploits1References1
CNVD
CNVD
added 2024/07/12 12:0 a.m.7 views

Learning Management System SQL Injection Vulnerability (CNVD-2024-35193)

Learning Management System is itsourcecode open source a learning management system . Learning Management System version 1.0 suffers from a SQL injection vulnerability , the vulnerability stems from the application lack of validation of external input SQL statements . Attackers can use this...

9.8CVSS8.4AI score0.00488EPSS
Exploits1References1
OSV
OSV
added 2024/06/12 5:15 p.m.1 views

CVE-2024-37878

Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcmsview/default,index.htm.php" PHP directly echoes parameters input from external sources...

6.1CVSS6.1AI score0.00374EPSS
Exploits0References1
Rows per page
Query Builder