Lucene search
K

967 matches found

RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2025-56605

A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...

5.4CVSS5.9AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 6:31 p.m.7 views

EUVD-2025-208121

A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...

5.4CVSS5.9AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 12:0 a.m.24 views

CVE-2025-56605

A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...

0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 5:25 p.m.3 views

CVE-2025-70833

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user including the administrator and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php...

9.4CVSS5.8AI score0.00398EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:38 a.m.4 views

CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.1CVSS5.5AI score0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/16 5:4 p.m.4 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.12 views

PT-2026-8366

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in paramete...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/10 5:27 p.m.4 views

CVE-2026-0652 Remote Code Execution on TP-Link Tapo C260 by Guest User

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cau...

8.7CVSS6.1AI score0.22757EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.5 views

CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS5.5AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/02/05 4:13 p.m.13 views

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the panel_content POST parameter. The issue arises from insufficient sanitization of user input before rendering in the browser, enabling an attacker to inject arbitrary JavaScript that executes in the context of the af...

6.1CVSS5.5AI score0.00246EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/03 10:16 p.m.8 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.2CVSS5.9AI score0.00365EPSS
Exploits1References3
NVD
NVD
added 2026/02/03 10:16 p.m.7 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS0.00365EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.5 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.8AI score0.00365EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/03 10:1 p.m.14 views

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

8.8CVSS5.8AI score0.00365EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.28 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS0.00365EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.7AI score0.00365EPSS
Exploits1References3
OSV
OSV
added 2026/02/03 7:1 p.m.3 views

GHSA-QX9P-W3VJ-Q24Q OpenSTAManager has an SQL Injection in the Stampe Module

Vulnerability Details Location - File: modules/stampe/actions.php - Line: 26 - Vulnerable Code: php case 'update': if !emptyintvalpost'predefined' && !emptypost'module' $dbo-query'UPDATE zzprints SET predefined = 0 WHERE idmodule = '.post'module'; // ↑ Direct concatenation without prepare...

8.7CVSS6AI score0.00374EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

Victor CMS SQL注入漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability. This vulnerability stems from the post parameter on the post.php file, which can be exploited by SQL injection attacks, potentially leading to...

8.8CVSS5.8AI score0.00365EPSS
Exploits1References3
NVD
NVD
added 2026/01/28 6:16 p.m.4 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS0.00282EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 5:35 p.m.6 views

EUVD-2020-30879

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3
Rows per page
Query Builder