178 matches found

Vulnrichment · added 2025/10/03 8:30 p.m. · 3 views

CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

CVSS 7.1 · AI score 7 · EPSS 0.0034
Exploits 0 · References 2
EUVD · added 2025/10/03 8:07 p.m. · 4 views

EUVD-2021-32554

Malicious code in bioql PyPI...

CVSS 9 · AI score 8.6 · EPSS 0.02375
Exploits 1 · References 1
EUVD · added 2025/10/03 8:07 p.m. · 4 views

EUVD-2022-4370

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.01386
Exploits 1 · References 7
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2021-28345

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 8.1 · EPSS 0.0139
Exploits 0 · References 3
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-26919

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.0019
Exploits 0 · References 1
EUVD · added 2025/10/03 8:07 p.m. · 4 views

EUVD-2022-40965

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00431
Exploits 0 · References 1
EUVD · added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-29103

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.00297
Exploits 0 · References 1
RedhatCVE · added 2025/09/24 6:31 p.m. · 3 views

CVE-2025-58645

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gravitate Gravitate Automated Tester gravitate-automated-tester allows Stored XSS. This issue affects Gravitate Automated Tester: from n/a through = 1.4.5...

CVSS 5.9 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 1
Snyk · added 2025/09/24 6:30 p.m. · 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the logoNavbar or logoLogin arguments in the SVG File Handler component of the /admin path. An attacker can inject and execute arbitrary scripts by supplying crafted input to these arguments. Details...

CVSS 4.8 · AI score 4 · EPSS 0.00288
Exploits 0 · References 2
Vulnrichment · added 2025/09/24 12:00 a.m. · 2 views

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

AI score 7 · EPSS 0.00502
Exploits 0 · References 2
CNVD · added 2025/09/23 12:00 a.m. · 2 views

IBM Copy Services Manager Cross-Site Scripting Vulnerability

IBM Copy Services Manager is IBM's data replication management software for simplifying and automating data replication operations in enterprise storage environments. A cross-site scripting vulnerability exists in IBM Copy Services Manager 6.3.13, which stems from insufficient filtering and...

CVSS 6.1 · AI score 6.1 · EPSS 0.00197
Exploits 0 · References 1
CNVD · added 2025/08/27 12:00 a.m. · 2 views

esri Portal for ArcGIS Enterprise Sites Cross-Site Scripting Vulnerability (CNVD-2025-21186)

esri Portal for ArcGIS Enterprise Sites is an enterprise-level geographic information sharing platform from ESRI that allows users within an organization to view, edit, and share geographic information through the portal. A cross-site scripting vulnerability exists in esri Portal for ArcGIS...

CVSS 4.8 · AI score 6.9 · EPSS 0.00207
Exploits 0 · References 1
Snyk · added 2025/08/22 6:31 p.m. · 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. Details Cross-sit...

CVSS 6.4 · AI score 5.4 · EPSS 0.0024
Exploits 0 · References 2
Snyk · added 2025/08/20 9:30 p.m. · 1 view

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the portletNamespace and namespace of the Dynamic Data Mapping portlet. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious input into these...

CVSS 5.4 · AI score 5.5 · EPSS 0.002
Exploits 0 · References 2
CVE · added 2025/08/20 6:02 p.m. · 20 views

CVE-2025-9238

CVE-2025-9238 affects the Swatadru Exam-Seating-Arrangement, specifically the Student Login component where the vulnerable function resides in the file /student.php. Manipulating the email argument can lead to a SQL injection, with remote exploitation possible. Multiple sources (NVD, Red Hat, CVE...

CVSS 7.5 · AI score 7.4 · EPSS 0.00302
Exploits 0 · References 5
Tenable Nessus · added 2025/08/18 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could...

CVSS 10 · AI score 6.7 · EPSS 0.02917
Exploits 0 · References 2
OSV · added 2025/07/08 7:15 a.m. · 2 views

CVE-2025-42956

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create...

CVSS 6.1 · AI score 5.6 · EPSS 0.00207
Exploits 0 · References 2
Vulnrichment · added 2025/07/07 3:07 p.m. · 2 views

CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

AI score 6 · EPSS 0.00244
Exploits 0 · References 2
Snyk · added 2025/06/24 7:43 a.m. · 1 view

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Overview apache-airflow-providers-snowflake is a Provider package apache-airflow-providers-snowflake for Apache Airflow Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane Special Element Injection in the...

CVSS 9.8 · AI score 8.1 · EPSS 0.00593
Exploits 0 · References 2
Exploit DB · added 2025/06/15 12:00 a.m. · 271 views

AirKeyboard iOS App 1.0.5 - Remote Input Injection

Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage: https://airkeyboardapp.com Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 Version: Version 1.0.5 Tested on: iOS 18.5 with AirKeyboard app '''...

AI score 7.4
Exploits 0