1080 matches found
NocoBase - SQL Injection
NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...
CVE-2026-46686
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...
CVE-2026-46686 Emlog Reflected Cross-Site Scripting
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...
CVE-2026-12385
The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...
CVE-2026-12385
The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...
CVE-2026-12385 Smart Slider 3 <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via WP_Query Parameter Injection via 'keyword' Parameter
The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...
CVE-2026-12385
CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...
openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group
A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used...
CVE-2026-11453
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...
CVE-2026-11466
CVE-2026-11466 affects the zilliztech deep-searcher up to version 0.0.2. The issue is in deepsearcher/agent/collection_router.py (function CollectionRouter.invoke ), where argument kwargs manipulation leads to improper access controls. This enables remote exploitation ; the exploit is publicly av...
CVE-2026-11453
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
PT-2026-47176
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
Tiobon Employee Self-Service System SQL注入漏洞
The Tiobon Employee Self-Service System is an enterprise employee self-service platform developed by Tiobon Corporation. Versions of the Tiobon Employee Self-Service System prior to 7.2 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter...
CVE-2026-49371
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...
JetBrains TeamCity < 2026.1.1 Reflected XSS (CVE-2026-49371)
The version of JetBrains TeamCity installed on the remote host is prior to 2026.1.1. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible CVE-2026-49371 Note that Nessus has not tested for this issue but has instea...
CVE-2026-10121
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keywordlist/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploi...
CVE-2026-49371
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...
CVE-2026-49371
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...
CVE-2026-49371
CVE-2026-49371 affects JetBrains TeamCity prior to version 2026.1.1, where the keyword filter is vulnerable to a reflected XSS. The CVE entry documents an in-the-wild impact of a high-severity issue (CVSS 3.1: 7.1, NETWORK attack vector, UI interaction required) originating from insufficient inpu...