Lucene search
K

926 matches found

CNNVD
CNNVD
added 2026/04/17 12:0 a.m.14 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain is a data protection and de-duplication storage appliance. A parameter injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize parameter separators in commands and can be exploited by an attacker ...

6.7CVSS6.1AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 9:30 p.m.7 views

EUVD-2026-23306

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33370

Name of the Vulnerable Software and Affected Versions My Calendar versions prior to 3.7.7 Description An unauthenticated issue exists in the 'mc ajax mcjs action' AJAX endpoint, which is registered for unauthenticated users. The endpoint passes user-supplied arguments through the parse str functi...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

Jellyfin 安全漏洞

Jellyfin is an open-source free software media system developed by Jellyfin. It allows you to control the management and streaming of media. It serves as a replacement for proprietary products like Emby and Plex, enabling the delivery of media from dedicated servers to end-user devices through...

9.3CVSS5.8AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32492

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment body, article content, description, and message parameter...

7.2CVSS6AI score0.00161EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31576

Name of the Vulnerable Software and Affected Versions PHPGurukul News Portal Project version 4.1 Description A flaw exists in PHPGurukul News Portal Project 4.1, specifically within the /news-details.php file. Manipulation of the Comment argument can lead to SQL injection. The attack can be...

7.5CVSS7AI score0.00259EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

PraisonAI 参数注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a parameter injection vulnerability. This vulnerability stemmed from the deploy.py script, which did not validate the values containing commas when constructin...

8.4CVSS5.9AI score0.00231EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

File Browser 参数注入漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of FileBrowser from 2.0.0 to 2.63.1 have a parameter injection vulnerability. This vulnerability stems...

7.5CVSS6.2AI score0.01922EPSS
Exploits2References2
CVE
CVE
added 2026/04/05 8:45 p.m.6 views

CVE-2019-25674

CMSsite 1.0 is affected by an SQL injection vulnerability in the post parameter that can be exploited via GET requests to post.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially extracting sensitive data or performing time-based blind SQL injection...

9.8CVSS6AI score0.00405EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

News Website Script SQL注入漏洞

News Website Script is a website-building system script from the PHP Scripts Mall community. Version 2.0.5 of News Website Script contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the news ID parameter, which could allow unverified attackers to manipulate...

8.8CVSS5.9AI score0.004EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 2:46 p.m.9 views

CVE-2026-34813

Endian Firewall 3.3.25 and earlier are affected by a stored XSS vulnerability in the /cgi-bin/proxyuser.cgi user parameter. An authenticated attacker can inject JavaScript that is stored and executed when other users view the affected page.

6.4CVSS5.9AI score0.00173EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 7:4 p.m.5 views

CVE-2026-33148 URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS5.8AI score0.00467EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 7:4 p.m.7 views

CVE-2026-33148 URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS5.9AI score0.00467EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:4 p.m.2 views

CVE-2026-33148

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS5.8AI score0.00467EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 7:4 p.m.25 views

CVE-2026-33148 URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS0.00467EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/24 3:21 p.m.8 views

CVE-2025-71275 Zimbra Collaboration Suite PostJournal 8.8.15 Unauthenticated Remote Code Execution via SMTP Injection

Zimbra Collaboration Suite ZCS PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...

9.8CVSS6.8AI score0.00462EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

OpenClaw 参数注入漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Version 2026.3.1 of OpenClaw contains a parameter injection vulnerability. This vulnerability stems from the system.run node executing code that has unapproved integrity vulnerabilities, potentially allowing...

6.7CVSS5.8AI score0.0013EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

OpenClaw 参数注入漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to cause an authenticated operator to execute arbitrary parameters...

8.8CVSS6.2AI score0.00406EPSS
Exploits0References3
OSV
OSV
added 2026/03/13 7:54 p.m.3 views

CVE-2026-22209

thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.8CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25532

Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...

8.8CVSS0.00318EPSS
Exploits0References2
Rows per page
Query Builder