843 matches found
PT-2025-7059 · Unknown · Audiobookshelf
Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions 2.17.0 through 2.19.0 Description: Audiobookshelf is a self-hosted audiobook and podcast server. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in t...
Emoncms Security Vulnerability
Emoncms is an open source web application from Emoncms Open Source. The program is primarily used to process, record and display energy, temperature and other environmental data. A security vulnerability exists in Emoncms version 11.6.9 and earlier, which stems from improper handling of...
CVE-2024-9982
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...
CVE-2024-57034
WeGIA 3.2.0 is vulnerable to SQL Injection in querygeracaoauto.php via the query parameter...
OESA-2025-1054 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
OESA-2025-1053 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
CVE-2024-57034
CVE-2024-57034 affects WeGIA versions prior to 3.2.0, with a SQL injection vulnerability in the PHP file query_geracao_auto.php that is exploitable via the query parameter. The root cause is unsafe handling of the query parameter in the underlying SQL. Impact is high (confidentiality, integrity, a...
PT-2025-2057 · Unknown · Langhsu Mblog Blog System
Name of the Vulnerable Software and Affected Versions: langhsu Mblog Blog System version 3.5.0 Description: A problematic vulnerability was found in the Search Bar component of the langhsu Mblog Blog System, affecting an unknown functionality of the file /search. The manipulation of the kw argume...
CVE-2024-12959
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /updatepersonaldetails.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has...
1000 Projects Portfolio Management System MCA Injection Vulnerability
1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from a parameter q in the file /updateedudetails.php that can lead to SQL...
PT-2024-17830 · Unknown · 1000 Projects Portfolio Management System Mca
Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. This issue affects the file /update personal details.php and can be exploited...
WordPress plugin Flixita Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2024-54153
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter...
CVE-2024-54153
CVE-2024-54153 applies to JetBrains YouTrack versions prior to 2024.3.51866. Red Hat and other sources confirm an information disclosure in which an unauthenticated database backup could be downloaded via a vulnerable query parameter. The issue stems from missing access control on that parameter...
Internet Bug Bounty: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
A possible ReDoS vulnerability was discovered in the query parameter filtering routines of Action Dispatch in Ruby on Rails. The vulnerability was assigned the CVE identifier CVE-2024-41128. Versions affected were less than 8.0.0.beta1. The issue was addressed in fixed versions 7.2.1.1, 7.1.4.1,...