
34 matches found

EUVD
added 2025/10/09 3:00 p.m., 6 views

EUVD-2025-33351

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...

CVSS 1 | AI score 6 | EPSS 0.00175
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2008-7077

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02445
Exploits 1 | References 4
Hacker One
added 2025/07/12 8:11 p.m., 9 views

Bykea: MongoDB Query Logs & Schema Leak via Unauthenticated Endpoint

An unauthenticated health check endpoint was discovered that exposed basic system and infrastructure details...

AI score 7.2
Exploits 0
CNNVD
added 2024/09/12 12:00 a.m., 5 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 16.5 to...

CVSS 5.5 | AI score 6.7 | EPSS 0.00216
Exploits 0 | References 3
OSV
added 2024/03/13 4:15 p.m., 5 views

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...

CVSS 5.3 | AI score 7.3 | EPSS 0.50192
Exploits 0 | References 2
ATTACKERKB
added 2023/02/09 8:15 p.m., 2 views

CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

CVSS 8.8 | AI score 6.7 | EPSS 0.02153
Exploits 1 | References 4
OSV
added 2023/02/09 8:15 p.m., 2 views

DEBIAN-CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

CVSS 8.8 | AI score 6.3 | EPSS 0.02153
Exploits 1 | References 1
Snyk
added 2023/01/18 6:20 p.m., 1 view

SQL Injection

Overview: activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of comments passed via the annotate or optimizer_hints methods, or via the QueryLogs interface, which adds annotations automatically. Exploiting this...

CVSS 8.8 | AI score 8 | EPSS 0.02153
Exploits 1 | References 2
Prion
added 2019/03/25 10:29 p.m., 21 views

Authentication flaw

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-81...

CVSS 5 | AI score 7.7 | EPSS 0.02604
Exploits 1 | References 1 | Affected Software 5
Cvelist
added 2019/03/25 9:29 p.m., 24 views

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-81...

AI score 7.7 | EPSS 0.02604
Exploits 1 | References 1
NVD
added 2009/08/28 3:30 p.m., 19 views

CVE-2008-7118

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...

CVSS 5 | AI score 6.7 | EPSS 0.02445
Exploits 1 | References 3
Prion
added 2009/08/28 3:30 p.m., 17 views

Improper access control

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...

CVSS 5 | AI score 7.4 | EPSS 0.02445
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2009/08/28 3:00 p.m., 25 views

CVE-2008-7118

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...

AI score 6.7 | EPSS 0.02445
Exploits 1 | References 3
Packet Storm
added 2007/12/13 12:00 a.m., 44 views

trivantis-sql.txt

Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338...

CVSS 7.5 | AI score 6.7 | EPSS 0.01384
Exploits 3