CVE-2018-25402

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

CVE-2018-25400 The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25400 The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25400

The CVE-2018-25400 entry concerns the Open ISES Project 3.30A and an SQL injection via the id parameter in the ajax/form_post.php endpoint. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and exfiltrate data (e.g., database schema names) through crafted GET req...

EUVD-2018-21922

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25399

CVE-2018-25399 affects Open ISES Project 3.30A. The vulnerability is an SQL injection in nearby.php where unsafely constructed SQL queries occur via the tick_lat and tick_lng parameters, enabling unauthenticated attackers to send crafted GET requests to extract sensitive data (usernames, database...

EUVD-2018-21921

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticklat and ticklng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

CVE-2018-25399 The Open ISES Project 3.30A SQL Injection via nearby.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticklat and ticklng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

CVE-2018-25399 The Open ISES Project 3.30A SQL Injection via nearby.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticklat and ticklng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

CVE-2018-25398 The Open ISES Project 3.30A SQL Injection via main.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the project selector component when rendering selection menus for associating projects with system entities due to improper sanitization of project names returned via AJAX before injecting them into the DOM a...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Projects component when displaying project tags and popovers in administrative detail views due to improper sanitization of user-supplied project names. An attacker can execute arbitrary scripts in the...

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

EUVD-2026-33302

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVE-2026-45555 Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

CVE-2026-9809

A stored Cross-Site Scripting XSS vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...