Lucene search
+L

232 matches found

Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.11 views

PT-2026-22928

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

6.1AI score0.00388EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References2
CVE
CVE
added 2026/03/04 12:0 a.m.46 views

CVE-2026-26514

CVE-2026-26514 affects bird-lg-go prior to commit 6187a4e3afce6d8c29568f8c72ca497d1f5a2b56. The traceroute module parses user input with shlex.Split without validation, enabling an attacker to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can lead to Denial of Service (DoS) by e...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/04 12:0 a.m.6 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS5.9AI score0.00388EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.7 views

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS5.7AI score0.00363EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.6 views

CVE-2019-25461

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

8.8CVSS5.7AI score0.0037EPSS
Exploits1References1
OSV
OSV
added 2026/02/22 3:16 p.m.6 views

CVE-2019-25461

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

7.5CVSS5.9AI score0.0037EPSS
Exploits1References3
NVD
NVD
added 2026/02/22 3:16 p.m.8 views

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS0.00363EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/22 2:12 p.m.4 views

CVE-2019-25461 Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

8.8CVSS5.7AI score0.0037EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/22 2:12 p.m.2 views

CVE-2019-25461

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

8.8CVSS6AI score0.0037EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/22 2:12 p.m.5 views

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS5.9AI score0.00363EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/22 2:12 p.m.29 views

CVE-2019-25460 Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS0.00363EPSS
Exploits1References3
CVE
CVE
added 2026/02/22 2:12 p.m.14 views

CVE-2019-25460

Affected software : Web Ofisi Platinum E-Ticaret v5. Vulnerability : SQL injection allowing unauthenticated attackers to manipulate queries via the 'q' GET parameter on the arama endpoint, using time-based techniques to extract data. Root cause / method : improper input handling enabling time-bas...

8.8CVSS5.9AI score0.00363EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.9 views

PT-2026-21447

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS5.9AI score0.00363EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.10 views

Web Ofisi E-Ticaret SQL注入漏洞

Web Ofisi E-Ticaret is an e-commerce system developed by the Turkish company Web Ofisi. Version 5 of Web Ofisi E-Ticaret has a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the q parameter in the ajax/productsFilterSearch endpoint, which may lead to...

8.8CVSS5.8AI score0.0037EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/19 8:39 a.m.38 views

CVE-2026-2736 Reflected Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...

5.1CVSS0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

Alkacon OpenCMS 跨站脚本漏洞

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from the unvalidated q parameter in the/search/index.html file, which may lead to reflective cross-site scripti...

6.1CVSS5.6AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 4:16 p.m.10 views

CVE-2021-47902

Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user...

8.8CVSS0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/27 3:23 p.m.26 views

CVE-2021-47902 Testa Online Test Management System 3.4.7 - 'q' SQL Injection

Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user...

8.8CVSS0.0024EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/01/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-40748

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php...

9.8CVSS5.9AI score0.02881EPSS
In wildExploits0References53
Rows per page
Query Builder