Lucene search
K

846 matches found

Vulnrichment
Vulnrichment
added 2025/08/29 1:2 a.m.2 views

CVE-2025-9602 Xinhu RockOA index.php publicsaveAjax improper authorization

A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

6.5CVSS6.4AI score0.00246EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/29 1:2 a.m.11 views

CVE-2025-9602 Xinhu RockOA index.php publicsaveAjax improper authorization

A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

6.5CVSS0.00246EPSS
Exploits1References5
OSV
OSV
added 2025/08/27 2:15 p.m.2 views

CVE-2025-9529

A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been made available to t...

7.2CVSS5.6AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/27 1:32 p.m.3 views

CVE-2025-9529 Campcodes Payroll Management System index.php include file inclusion

A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been made available to t...

7.5CVSS7AI score0.00492EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/27 1:32 p.m.12 views

CVE-2025-9529 Campcodes Payroll Management System index.php include file inclusion

A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been made available to t...

7.5CVSS0.00492EPSS
Exploits1References5
CVE
CVE
added 2025/08/27 12:0 a.m.22 views

CVE-2025-50972

CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...

9.8CVSS8.7AI score0.00421EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.5 views

PT-2025-34865

Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0 Description: A weakness has been identified in Campcodes Payroll Management System 1.0. The manipulation of the page argument in the /index.php file’s include function causes a file inclusion...

7.5CVSS7AI score0.00492EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.3 views

AbanteCart 安全漏洞

AbanteCart is an open source e-commerce platform by AbanteCart. A security vulnerability exists in AbanteCart version 1.4.2, which stems from an unvalidated tmplid parameter in index.php, which could lead to a SQL injection attack...

9.8CVSS7.5AI score0.00421EPSS
Exploits1References2
CVE
CVE
added 2025/08/26 12:0 a.m.18 views

CVE-2025-50971

CVE-2025-50971 affects AbanteCart v1.4.2, exposing a directory traversal flaw that allows unauthenticated access to sensitive system files via the template parameter in index.php. Impact is a confidentiality breach; there is no indication of integrity/availability compromise in the provided sourc...

7.5CVSS6.8AI score0.00907EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/08/26 12:0 a.m.7 views

CVE-2025-50971

Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php...

0.00907EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34807 · Unknown · Abantecart

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2 Description: A directory traversal issue exists in AbanteCart version 1.4.2 that allows unauthenticated attackers to access sensitive system files. This is achieved by manipulating the template parameter within the...

7.2AI score0.00907EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.2 views

PT-2025-34668 · Unknown · Phpgurukul Hospital Management System

Name of the Vulnerable Software and Affected Versions: phpgurukul Hospital Management System version 4.0 Description: The phpgurukul Hospital Management System is susceptible to SQL Injection via the username parameter in the index.php file. Recommendations: As a temporary workaround, sanitize th...

9.8CVSS7.6AI score0.0033EPSS
Exploits0References3
CVE
CVE
added 2025/08/25 12:0 a.m.14 views

CVE-2025-56214

The CVE-2025-56214 entry concerns phpgurukul Hospital Management System 4.0, which is vulnerable to SQL Injection in index.php via the username parameter. The vulnerability stems from unsafely handling user input in a PHP/MySQL context, enabling potentially arbitrary SQL execution with a base CVS...

9.8CVSS8.3AI score0.0033EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/21 4:34 p.m.14 views

CVE-2025-9147

A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The...

6.1CVSS6.4AI score0.00333EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-26147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin...

7.5CVSS7AI score0.00926EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/19 4:32 p.m.11 views

CVE-2025-9147 jasonclark getsemantic index.php cross site scripting

A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The...

5.1CVSS0.00333EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.6 views

PT-2025-33752 · Jasonclark · Getsemantic

Name of the Vulnerable Software and Affected Versions: jasonclark getsemantic versions up to 040c96eb8cf9947488bd01b8de99b607b0519f7d Description: A vulnerability exists in jasonclark getsemantic. The issue is related to cross site scripting, triggered by manipulating the view argument in the...

5.1CVSS6.5AI score0.00333EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-8098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial...

6.5CVSS6.6AI score0.01423EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/16 10:10 a.m.6 views

CVE-2025-7761

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did no...

5.1CVSS6.5AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/14 10:27 a.m.4 views

CVE-2025-55198

A flaw was found in helm.sh/helm/v3. Improper validation of type errors during parsing of Chart.yaml and index.yaml files can trigger a panic. A remote attacker, requiring user interaction, can trigger this panic via a malformed chart file. This can lead to an application level denial of service...

6.5CVSS7AI score0.00311EPSS
Exploits0References5
Rows per page
Query Builder