Lucene search
+L

37 matches found

osv
osv
added 2025/12/29 5:32 a.m.4 views

CVE-2025-15174 SohuTV CacheCloud AppManageController.java doAppAuditList cross site scripting

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed...

5.1CVSS4.1AI score0.002EPSS
Exploits1References7
cnnvd
cnnvd
added 2025/12/29 12:0 a.m.5 views

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function doAppAuditList in the file...

5.4CVSS4.8AI score0.002EPSS
Exploits1References5
cve
cve
added 2025/12/28 5:32 p.m.17 views

CVE-2025-15146

CVE-2025-15146 affects SohuTV CacheCloud up to version 3.2.0. The vulnerability resides in doUserList (src/main/java/com/sohu/cache/web/controller/UserManageController.java); manipulated input can trigger cross-site scripting. The attack is remote and the exploit is publicly available. Mitigation...

4.8CVSS5.6AI score0.002EPSS
Exploits1References5Affected Software1
osv
osv
added 2025/12/28 5:2 p.m.4 views

CVE-2025-15145 SohuTV CacheCloud TotalManageController.java doTotalList cross site scripting

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit...

4.8CVSS4.1AI score0.00204EPSS
Exploits1References7
nvd
nvd
added 2025/12/28 10:15 a.m.8 views

CVE-2025-15130

A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...

5.8CVSS0.00244EPSS
Exploits0References4
cve
cve
added 2025/12/28 9:32 a.m.12 views

CVE-2025-15130

The CVE-2025-15130 entry affects shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. The vulnerability resides in the Administrative Panel’s Function addPost in Application/Admin/Controller/FileManageController.class.php, enabling remote code injection. Multiple sources corroborate the i...

5.8CVSS6.7AI score0.00244EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/28 9:32 a.m.35 views

CVE-2025-15130 shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection

A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...

5.8CVSS0.00244EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/12/28 12:0 a.m.6 views

SyCms 代码注入漏洞

SyCms is a content management system for shanyu individual developers. SyCms code injection vulnerability exists, the vulnerability stems from the incorrect operation of the function addPost in the file Application/Admin/Controller/FileManageController.class.php, which may lead to code injection...

5.8CVSS5.5AI score0.00244EPSS
Exploits0References5
osv
osv
added 2025/05/21 6:15 p.m.5 views

CVE-2025-5033

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be...

5.3CVSS4.8AI score0.00231EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/05/21 12:0 a.m.6 views

TeaCMS 安全漏洞

TeaCMS is a blogging system by xiaobingby personal developer. A security vulnerability exists in TeaCMS version 2.0.2, which originates from an improperly functioning file src/main/java/me/teacms/controller/admin/UserManageController/addUser, which may lead to cross-site request forgery...

5.3CVSS4.8AI score0.00231EPSS
Exploits1References4
osv
osv
added 2025/05/14 10:15 p.m.3 views

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/05/14 12:0 a.m.6 views

oa_system 跨站脚本漏洞

oasystem is a hailey individual developer's application for the daily operation and management of organizations, used by employees and managers. A security vulnerability exists in oasystem versions prior to v2025.01.01, which stems from improperly cleaned inputs for the parameter title in the fil...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References3
osv
osv
added 2025/04/08 12:15 a.m.5 views

CVE-2025-3389

A vulnerability, which was classified as problematic, has been found in hailey888 oasystem up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to...

6.1CVSS3.9AI score0.00277EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/04/01 12:0 a.m.9 views

PT-2025-37310

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...

8.7CVSS6.2AI score0.02657EPSS
Exploits1References11
nvd
nvd
added 2023/01/26 9:18 p.m.25 views

CVE-2022-46999

Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php...

9.8CVSS9.8AI score0.00957EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/03/24 12:0 a.m.5 views

TuziCMS SQL注入漏洞

TuziCMS Rabbit CMS is a PHP and MySQL based Content Management System CMS for enterprise website builders. A SQL injection vulnerability exists in the AppManageControllerhuantiController.class.php component of TuziCMS version v2.0.6. No information about this vulnerability is available at this...

9.8CVSS8.5AI score0.01064EPSS
Exploits1References2
cve
cve
added 2021/12/03 7:1 p.m.40 views

CVE-2021-44348

CVE-2021-44348 : TuziCMS v2.0.6 contains an SQL injection via the id parameter in App\Manage\Controller\AdvertController.class.php. This matches multiple connected sources (NVD, RED HAT, CNVD). Impact described in sources as potential disclosure of sensitive database information. The documents do...

9.8CVSS9.8AI score0.01057EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder