Lucene search
K

83 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.9 views

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS6.7AI score0.17988EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.6 views

CVE-2020-5782

In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...

6.8CVSS7AI score0.00987EPSS
Exploits1References1
CVE
CVE
added 2025/05/08 12:0 a.m.56 views

CVE-2025-45798

CVE-2025-45798 is a command execution vulnerability in the TOTOLINK A950RG with firmware version 4.1.2cu.5204_B20210112. It arises from improper handling of the IpTo parameter in the setNoticeCfg interface inside /lib/cste_modules/system.so, enabling arbitrary command execution. Documented impact...

9.8CVSS7.4AI score0.01023EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/04/15 2:20 p.m.7 views

GHSA-M67M-3P5G-CW9J VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...

2.2CVSS7AI score0.00332EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.3 views

SourceCodester Online Food Ordering System 注入漏洞

SourceCodester Online Food Ordering System is a SourceCodester open source online food ordering system. An injection vulnerability exists in SourceCodester Online Food Ordering System version 2.0, which stems from an incorrect manipulation of the parameter pid that can lead to SQL injection...

9.8CVSS8AI score0.00487EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.3 views

TOTOlink A3002R 安全漏洞

TOTOLINK A3002R is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOlink A3002R version V1.1.1-B20200824.0128, which originates from improper validation of the pppoedns1 parameter input, resulting in a buffer overflow...

8CVSS7.2AI score0.00392EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.4 views

SourceCodester Employee Management System 安全漏洞

SourceCodester Employee Management System is a SourceCodester open source php-based system for employee performance management. A security vulnerability exists in SourceCodester Employee Management System version 1.0, which stems from an incorrect operation of the username/password parameters tha...

9.8CVSS7.5AI score0.00916EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 2:9 p.m.19 views

CVE-2020-11738

The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit...

7.5CVSS6.7AI score0.97822EPSS
Exploits11References1
OSV
OSV
added 2025/01/17 12:0 a.m.14 views

CVE-2024-57030

Wegia 3.2.0 is vulnerable to Cross Site Scripting XSS in /geral/documentosfuncionario.php via the id parameter...

8.1CVSS5.9AI score0.00621EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/01/16 12:0 a.m.13 views

CVE-2024-57575

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the formfastsettingwifiset function...

0.00763EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.8 views

PT-2025-4601 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the Cadastro Atendido.php...

6.4CVSS3.7AI score0.00283EPSS
Exploits1References11
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.2 views

itsourcecode Tailoring Management System 注入漏洞

itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from an incorrect manipulation of the parameter inccat/desc/date/amount that can lead ...

9.8CVSS7AI score0.00543EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.6 views

Codezips Free Exam Hall Seating Management System 安全漏洞

Codezips Free Exam Hall Seating Management System is a free exam hall seating management system from Codezips open source. A security vulnerability exists in Codezips Free Exam Hall Seating Management System version 1.0, which stems from mishandling of the parameter IMAGE, resulting in unrestrict...

9.8CVSS6.6AI score0.00528EPSS
Exploits1References4
CNVD
CNVD
added 2024/09/20 12:0 a.m.7 views

TOTOLINK AC1200 T8 UploadCustomModule function buffer overflow vulnerability

The TOTOLINK AC1200 T8 is a dual-band full gigabit router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK AC1200 T8 UploadCustomModule function. The vulnerability stems from the failure of the File parameter of the UploadCustomModule function to...

7.5CVSS8.1AI score0.00552EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.9 views

PT-2024-31264 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the id parameter in the "adv2.php" component. Recommendations: For ZZCMS versions 2023 and earlier, consider...

8.8CVSS6.8AI score0.00687EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.4 views

Simple Online Bidding System Code Issue Vulnerability

Simple Online Bidding System is an online bidding system by oretnom23 individual developers. A code issue vulnerability exists in SourceCodester Simple Online Bidding System version 1.0, which stems from the parameter img in the file /admin/ajax.php?action=savesettings that can lead to unrestrict...

9.8CVSS7.1AI score0.00665EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/05/31 12:0 a.m.6 views

The vulnerability in the `index.php?c=api` script of the OneNav bookmark management interface, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the /index.php?c=api interface of the OneNav bookmark management program is related to deficiencies in the authentication process due to incorrect generation of tokens with the X-Token parameter. Exploiting this vulnerability allows a malicious actor to compromise the...

10CVSS7.2AI score0.00984EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2024/05/24 9:47 p.m.27 views

CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...

6.4AI score0.00589EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.5 views

Simple Chat System SQL Injection Vulnerability

Simple Chat System is a simple chat system by nurhodelta17 individual developer. A SQL injection vulnerability exists in Simple Chat System version 1.0, which stems from an incorrect manipulation of the parameters email/password that can lead to SQL injection...

9.8CVSS7.9AI score0.00615EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.7 views

Amavis security breach

Amavis is a high-performance email content filtering framework written in Perl. A security vulnerability exists in Amavis versions prior to 2.12.3 and 2.13.x prior to 2.13.1, which stems from an interpretation conflict that may incorrectly check for prohibited files or malware when multiple...

7.4CVSS6.8AI score0.00826EPSS
Exploits0References7
Rows per page
Query Builder