28727 matches found
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-4962
An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
sha.js 安全漏洞
sha.js is an open source application from Browserify. A security vulnerability exists in sha.js version 2.4.11 and earlier, which stems from improper input validation and could lead to tampering of input data...
Online Shopping Portal Project password-recovery.php File SQL Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. A SQL injection vulnerability exists in Online Shopping Portal Project, which originates from the lack of validation of externally-entered SQL statements in the parameter emailid in the file /shopping/password-recovery.php. An...
Delta Electronics DTN Soft Code Execution Vulnerability
Delta Electronics DTN Soft is a temperature controller software from Delta Electronics China. A security vulnerability exists in Delta Electronics DTN due to an insecure deserialization flaw in the handling of project files. An attacker can exploit the vulnerability to execute arbitrary code on t...
Linux Distros Unpatched Vulnerability : CVE-2020-10755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before...
SUSE CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities,...
Exploit for CVE-2025-55444
CVE Reports by Anudeep Kadambala This repository contains det...
riscv-boom SonicBOOM 安全漏洞
riscv-boom SonicBOOM is a SonicBOOM: The Berkeley Out-of-Order RISC-V Processor open source SonicBOOM: The Berkeley Mess Machine. A security vulnerability exists in riscv-boom SonicBOOM version 1.2, which stems from improper memory access control and could lead to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2021-39898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was...
CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
DEBIAN-CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
UBUNTU-CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192
Apache Commons OGNL (OGNL library) contains an improper neutralization of expression/command delimiters when using Ognl.getValue, allowing bypass of blocklisted dangerous classes and potentially enabling arbitrary code execution. Affected: OGNL engine across versions; impact noted as high (CVE-20...
CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...