Linux Distros Unpatched Vulnerability : CVE-2016-10204
The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - SQL injection vulnerability in ZoneMinder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query...
CVE-2025-50938
Cross-site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php...
CVE-2025-50690
A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
CVE-2025-8924
CVE-2025-8924 affects Campcodes Online Water Billing System 1.0, specifically the /viewbill.php file, where manipulating the ID parameter enables SQL injection. The affected component is the viewbill.php processing logic; the root cause is improper handling of the ID argument, allowing remote ex...
GO-2025-3833 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy...
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) - Date: 2025-08-08 - Exploit Author: Imraan Khan (Lich-Sec) - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via improper escaping of query parameters in the metaColumns, metaForeignKeys, or metaIndexes methods when connecting to a sqlite3 database. An attacker can execute arbitrary SQL statements by supplying a crafted table nam...
The ADOdb sqlite3 driver allows SQL injection
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...
CVE-2025-54576
Observations on CVE-2025-54576 : OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...
CampCodes Courier Management System Injection Vulnerability
CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Courier Management System version 1.0: a SQL injection caused by improper handling of the s parameter in the file /parcellist.php...
Heimdall Cross-Site Scripting Vulnerability
Heimdall is an open source application panel and launcher from LinuxServer.io. A cross-site scripting vulnerability exists in Heimdall versions prior to 2.7.3, stemming from an unsanitized q parameter that could lead to a cross-site scripting attack...
CVE-2025-6428
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140...
TencentOS Server 3: grafana (TSSA-2023:0097)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0097 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
MGASA-2025-0179 Updated php-adodb packages fix security vulnerability
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through manipulation of the title parameter in the URL /admin.php?m=config&n=edit&o=core&p=title. An attacker can inject malicious scripts from the admin interface by crafting a malicious title value. Note:...
Aim Security Vulnerability
Aim is an easy-to-use, high-performance open source experiment tracker from Aim Open Source (USA). Aim 3.29.1 and earlier versions have a security vulnerability stemming from improper handling of the Query parameter in the runview Object Handler component, which could lead to sandboxing issues...
CVE-2024-8870
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated...
CVE-2024-57034
WeGIA 3.2.0 is vulnerable to SQL Injection in querygeracaoauto.php via the query parameter...
CVE-2024-54153
In JetBrains YouTrack before 2024.3.51866, unauthenticated database backup download was possible via a vulnerable query parameter...
CVE-2023-51828
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in the getnextnotice function...