Lucene search
K

217 matches found

OSV
OSV
added 2025/07/29 6:15 p.m.1 views

CVE-2025-53712

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpmAP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service DoS condition. The...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2025/07/29 6:15 p.m.3 views

CVE-2025-53711

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service DoS condition. The attac...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/07/29 5:57 p.m.2 views

CVE-2025-53711

A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References2
CNVD
CNVD
added 2025/07/18 12:0 a.m.2 views

Mobile Shop EditMobile.php File SQL Injection Vulnerability

Mobile Shop is a mobile store. Mobile Shop suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /EditMobile.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to...

9.8CVSS8.2AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.2 views

Modern Bag product-update.php file SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References1
CNVD
CNVD
added 2025/07/04 12:0 a.m.1 views

Library System add-book.php file code issue vulnerability

Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /add-book.php. An attacker can exploit this vulnerability to upload malicious files...

9.8CVSS7.3AI score0.00325EPSS
Exploits1References1
CNVD
CNVD
added 2025/07/04 12:0 a.m.1 views

Car Rental System add_cars.php File SQL Injection Vulnerability

Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter carname in the file /admin/addcars.php. An attacker can use this vulnerability to execute illegal S...

9.8CVSS8AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/27 12:0 a.m.1 views

Simple Online Hotel Reservation System index.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/27 12:0 a.m.3 views

Simple Pizza Ordering System saveorder.php File SQL Injection Vulnerability

Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /saveorder.php. An attacker can exploit this...

9.8CVSS8AI score0.00399EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.2 views

Code-Projects Inventory Management System 注入漏洞

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editBrandStatus in file /phpaction/editBrand.php. An attacker can...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.11 views

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

5.4CVSS6.9AI score0.00202EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.6 views

CVE-2022-1953

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink without validation first...

9.1CVSS7AI score0.01662EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.3 views

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service...

5.3CVSS7.3AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 6:15 a.m.1 views

CVE-2025-1625

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00256EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/12 12:0 a.m.6 views

The vulnerability of the HTTP-Proxy software for network firewalls, the UserGate Next-Generation Firewall (NGFW), allows a hacker to read arbitrary files.

The vulnerability of the HTTP-Proxy software of the UserGate Next-Generation Firewall exists due to the lack of measures to check input data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

8.6CVSS5.7AI score
Exploits0Affected Software1
CNVD
CNVD
added 2025/05/07 12:0 a.m.2 views

COVID19 Testing Management System test-details.php File SQL Injection Vulnerability

The COVID19 Testing Management System is a new crown pneumonia testing management system. The COVID19 Testing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Status in the /test-details.php...

9.8CVSS8.2AI score0.00498EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.4 views

Amplify Codegen UI 安全漏洞

Amplify Codegen UI is an AWS Amplify open source React component generated for use in the AWS Amplify project. A security vulnerability exists in Amplify Codegen UI that stems from a lack of input validation for AWS Amplify Studio UI component property expressions, which could lead to the executi...

9.5CVSS8.7AI score0.01003EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/22 12:0 a.m.3 views

Apache Oozie 安全漏洞

Apache Oozie is an application from the Apache Apache Foundation, USA. Provides a workflow scheduler system for managing Apache Hadoop job functions. Apache Oozie has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

5.4CVSS6.2AI score0.00466EPSS
Exploits0References3
CNVD
CNVD
added 2025/03/07 12:0 a.m.2 views

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the product-details.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

8.8CVSS7.1AI score0.00451EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.3 views

PT-2025-2407 · Qualcomm · Snapdragon +32

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to memory corruption that occurs when input parameter validation for the number of fences is missing for fence frame IOCTL calls...

7.8CVSS7.1AI score0.00128EPSS
Exploits0References6
Rows per page
Query Builder