Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1085 matches found

OSV
OSVadded 2018/10/02 9:29 p.m.1 views

CVE-2018-14822

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code...

9.8CVSS6AI score
Exploits0References2
CNVD
CNVDadded 2018/09/26 12:0 a.m.3 views

Component Collection Factory SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Collection Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...

9.8CVSS9.8AI score0.02512EPSS
Exploits5References1
CNVD
CNVDadded 2018/09/26 12:0 a.m.3 views

Component AlphaIndex Dictionaries SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Joomla! component AlphaIndex Dictionaries. The vulnerability is caused by an attacker inserting SQL commands into the query string of a w...

9.8CVSS9.7AI score0.02512EPSS
Exploits5References1
Veracode
Veracodeadded 2018/09/03 5:56 a.m.21 views

SQL Injection

ThinkPHP is vulnerable to SQL injection. A remote attacker is able to inject arbitrary SQL commands through the public/index/index/test/index query string...

9.8CVSS9.8AI score0.00518EPSS
Exploits1References3Affected Software1
Prion
Prionadded 2018/09/03 2:29 a.m.16 views

Sql injection

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

7.5CVSS9.8AI score0.00518EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2018/09/03 2:29 a.m.13 views

CVE-2018-16385

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

9.8CVSS8.2AI score
Exploits0References2
Exploit DB
Exploit DBadded 2018/08/26 12:0 a.m.59 views

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...

7.4AI score
Exploits0
OSV
OSVadded 2018/08/02 7:29 p.m.0 views

CVE-2017-14446

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this...

9.9CVSS6.2AI score
Exploits0References1
NVD
NVDadded 2018/08/02 7:29 p.m.15 views

CVE-2017-14446

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this...

9.9CVSS9.2AI score0.00405EPSS
Exploits2References1
Hacker One
Hacker Oneadded 2018/08/02 11:35 a.m.21 views

Upserve : [theacademy.upserve.com] Reflected XSS Query-String

Steps To Reproduce: Open URL in FireFox: https://theacademy.upserve.com/roles/?%22%3E%3Cscript//src=data,alertlocation// HTTP Request http GET /roles/?%22%3E%3Cscript//src=data,alertlocation// HTTP/1.1 Host: theacademy.upserve.com HTTP Response html Name Views Duration Impact Reflected XSS...

0.3AI score
Exploits0
VulnCheck KEV
VulnCheck KEVadded 2018/07/24 12:0 a.m.1 views

VulnCheck KEV: CVE-2025-34051

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...

6.9CVSS5.9AI score0.00397EPSS
Exploits0References1
OSV
OSVadded 2018/07/23 4:29 p.m.14 views

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

9.8CVSS7.1AI score0.01328EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2018/07/23 4:29 p.m.16 views

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

9.8CVSS7.4AI score0.01328EPSS
Exploits0References3
Prion
Prionadded 2018/07/23 4:29 p.m.11 views

Design/Logic Flaw

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

7.5CVSS9.6AI score0.01328EPSS
Exploits0References2Affected Software2
NVD
NVDadded 2018/07/23 4:29 p.m.13 views

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

9.8CVSS9.7AI score0.01328EPSS
Exploits0References2
Cvelist
Cvelistadded 2018/07/23 4:0 p.m.16 views

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

9.7AI score0.01328EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2018/07/23 4:0 p.m.12 views

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

9.8CVSS9.7AI score0.01328EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Databaseadded 2018/07/23 12:0 a.m.18 views

Improper query string handling in Django

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

4CVSS5.3AI score0.00553EPSS
Exploits1References7Affected Software1
Prion
Prionadded 2018/07/05 6:29 p.m.12 views

Authentication flaw

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login...

4.3CVSS6AI score0.00215EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2018/07/05 6:29 p.m.10 views

CVE-2017-11175

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login...

6.1CVSS6.2AI score0.00215EPSS
Exploits1References1
Rows per page
Query Builder