CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

GHSA-F3RG-XQJJ-CJ9W n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

Summary In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant...

CVE-2026-22209

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1...

CVE-2019-12741

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

EUVD-2020-29701

Malware in sbrugna...

EUVD-2004-1553

Malware in sbrugna...

EUVD-2017-12975

Malware in sbrugna...

EUVD-2019-0503

Malware in sbrugna...

EUVD-2024-41653

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2025-29891

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...

CVE-2023-23779

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted...

CVE-2025-40617

CVE-2025-40617 is a SQL injection vulnerability in Bookgy. Reported impact includes the ability to retrieve, create, update, and delete databases via HTTP requests to /bkg_seleccionar_hora_ajax.php using the IDTIPO, IDPISTA, and IDSOCIO parameters. Affected product is Bookgy (no specific version ...

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the header filtering mechanism that only blocks headers starting with specific prefixes, and may be manipulated to treat parameter values as headers. If an application accepts HTTP...

CVE-2025-29891

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...

CVE-2025-29891

CVE-2025-29891 describes a bypass/injection in Apache Camel where the default incoming header filter may be bypassed, allowing headers to influence internal components (e.g., camel-bean, camel-exec) via HTTP parameters or headers. Affected versions: Camel 4.10.0–4.10.1/4.10.0–4.10.1, 4.8.0–4.8.4/...

CVE-2024-45738 Sensitive information disclosure in REST_Calls logging channel

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the internal index. This exposure could happen if you configure the Splunk Enterprise RESTCalls log channel at the DEBUG logging level...

CVE-2024-45738 Sensitive information disclosure in REST_Calls logging channel

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the internal index. This exposure could happen if you configure the Splunk Enterprise RESTCalls log channel at the DEBUG logging level...

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.3.x prior to 9.3.1, 9.2.x prior to 9.2.3, and 9.1.x prior to 9.1.6, which stems from the possibility of exposing sensitive...

Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3, 9.3.0 < 9.3.1 (SVD-2024-1008)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1008 advisory. - In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to th...