Lucene search
K

929 matches found

CNNVD
CNNVD
added 2026/02/17 12:0 a.m.7 views

PHPGurukul Student Management System 安全漏洞

PHPGurukul Student Management System is a student management system developed by PHPGurukul Corporation. Version 1.0 of the phpgurukul Student Management System has a security vulnerability; this vulnerability stems from the searchdata parameter in the studentms/admin/search.php file, which is...

8.8CVSS5.8AI score0.00328EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/16 5:4 p.m.5 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.15 views

PT-2026-8366

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in paramete...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.4 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.4 views

PT-2026-6886

Name of the Vulnerable Software and Affected Versions Bucketlister plugin for WordPress versions up to and including 0.1.5 Description The software contains a SQL Injection issue through the category and id attributes within its shortcode. Insufficient escaping of user-supplied parameters and...

6.5CVSS5.8AI score0.00217EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:41 p.m.5 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

3.5CVSS5.3AI score0.0016EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/06 4:41 p.m.13 views

CVE-2019-25303

The CVE-2019-25303 entry affects TheJshen ContentManagementSystem 1.04. It describes a SQL injection vulnerability exploitable via the GET parameter id, enabling boolean-based, time-based, and UNION-based techniques to extract or manipulate database information. The available documents consistent...

7.1CVSS5.7AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6462

Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

8.7CVSS6.2AI score0.00473EPSS
Exploits3References5
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.9 views

Group Office 参数注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained a parameter injection vulnerability. This vulnerability stemmed from the direct passing of the lang parameter to system commands, which coul...

9.4CVSS6.2AI score0.00799EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Symfony parameter injection vulnerability

Symfony is a PHP framework developed by Symfony Inc. for web and console applications, along with a set of reusable PHP components. Symfony has a parameter injection vulnerability, which arises from the Process component improperly handling special characters when escaping parameters on Windows,...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/23 3:21 p.m.5 views

CVE-2025-10024

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.11 views

WatchYourLAN parameter injection vulnerability

WatchYourLAN is a lightweight network IP scanner developed by Andrew Erlikh individually using Go language. WatchYourLAN has a parameter injection vulnerability; this vulnerability arises from the lack of validation for the string provided by the user when processing the arpstrs parameter, which...

8.8CVSS7.6AI score0.00665EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 12:15 p.m.7 views

CVE-2025-10024

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS0.00344EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/22 11:45 a.m.3 views

CVE-2025-10024 IDOR in EXERT Computer Technologies' Education Management System

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 11:45 a.m.12 views

CVE-2025-10024

Technical details about CVE-2025-10024 are not publicly provided in the supplied documents; no affected versions, root cause, or remediation are stated. Monitor for updates from vendors and security advisories.

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/22 11:45 a.m.3 views

EUVD-2026-4166

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 11:45 a.m.1 views

CVE-2025-10024

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/22 11:45 a.m.27 views

CVE-2025-10024 IDOR in EXERT Computer Technologies' Education Management System

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

EXERT Education Management System has a security vulnerability

EXERT Education Management System is a comprehensive education management software developed by the Turkish company EXERT. The version 23.09.2025 and earlier of the EXERT Education Management System contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-3926

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
Rows per page
Query Builder