Lucene search
K

25 matches found

CVE
CVE
added yesterday8 views

CVE-2026-15202

CVE-2026-15202 affects YzmCMS up to version 7.5. The vulnerability resides in the get_url function of /yzmphp/yzmphp.php within the Header Handler, where manipulation of the HTTP_HOST argument enables cross-site scripting. Exploitation is remote and publicly disclosed. Vendor contact did not elic...

5.3CVSS4.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15202 YzmCMS Header yzmphp.php get_url cross site scripting

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS
Exploits0References5
OSV
OSV
added 2026/04/16 8:40 p.m.21 views

GHSA-JGCF-RF45-2F8V Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/16 6:31 p.m.5 views

Incorrect Authorization

Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...

6.9CVSS5.6AI score0.00398EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-2234

Malware in sbrugna...

6.1CVSS5.8AI score0.01289EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:42 p.m.4 views

Malicious code in ez-get-url-params (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:42 p.m.8 views

MAL-2024-2353 Malicious code in ez-get-url-params (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/04/29 12:0 a.m.7 views

PT-2023-19474 · Mlecms · Mlecms

Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0 Description: A critical issue affects the get url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $ SERVER'REQUEST URI' leads to SQL injection. The...

9.8CVSS7.5AI score0.00737EPSS
Exploits1References5
Patchstack
Patchstack
added 2023/02/16 12:0 a.m.6 views

WordPress Get URL Cron Plugin <= 1.4.7 is vulnerable to Broken Access Control

Software Get URL Cron Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ed2c1394cbbb Credits Rio Darmawan Required privilege...

6.8AI score
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.3 views

SUSE CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in geturlspecparam by freeing memory of compiled pattern spec before bailing...

7.5CVSS7.4AI score0.01302EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.21 views

Gitea XSS Vulnerability

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

6.1CVSS6.9AI score0.0084EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/12/23 8:15 p.m.2 views

ALPINE-CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in geturlspecparam by freeing memory of compiled pattern spec before bailing...

7.5CVSS6.9AI score0.01302EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/12/13 12:0 a.m.4 views

PT-2021-24127 · Privoxy +4 · Privoxy +4

Name of the Vulnerable Software and Affected Versions: Privoxy affected versions not specified Description: A vulnerability was found in Privoxy, which was fixed by freeing the memory of the compiled pattern spec before bailing in the get url spec param function. Recommendations: At the moment,...

7.8CVSS7.5AI score0.02355EPSS
Exploits0References61
OSV
OSV
added 2021/10/15 3:15 p.m.3 views

CVE-2021-40728

Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution...

7.8CVSS7.6AI score0.53533EPSS
Exploits0References1
Prion
Prion
added 2020/03/10 9:15 p.m.15 views

Cross site scripting

The SAP Commerce Testweb Extension, versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...

4.3CVSS6.2AI score0.00781EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/02/04 1:17 p.m.33 views

CVE-2019-10221

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute...

6.1CVSS5.4AI score0.01289EPSS
Exploits0References3
NVD
NVD
added 2019/11/25 11:15 p.m.24 views

CVE-2019-10771

Characters in the GET url path are not properly escaped and can be reflected in the server response...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References1
Prion
Prion
added 2019/11/25 11:15 p.m.13 views

Design/Logic Flaw

Characters in the GET url path are not properly escaped and can be reflected in the server response...

4.3CVSS6.2AI score0.00679EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/07/18 5:15 p.m.16 views

CVE-2019-1010261

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

6.1CVSS6.7AI score0.0084EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/07/18 5:15 p.m.20 views

CVE-2019-1010261

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

6.1CVSS6.5AI score0.0084EPSS
Exploits0References2
Rows per page
Query Builder