Lucene search
K

757 matches found

Nuclei
Nuclei
added 8 hours ago23 views

Eclipse BIRT Viewer - Remote Code Execution

Eclipse BIRT versions 4.8.0 and earlier contain a JSP injection caused by query parameters, letting remote attackers create and access malicious JSP files in the viewer directory, exploit requires sending crafted query parameters. id: CVE-2021-34427 info: name: Eclipse BIRT Viewer - Remote Code...

9.8CVSS7.1AI score0.5771EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 3 days ago9 views

CVE-2026-53448

A flaw was found in Coturn, a free open-source implementation of TURN and STUN Server. The HTTPS administration panel, specifically in the delete-user, delete-secret, and delete-IP operations, does not properly sanitize HTTP query parameters. This allows an authenticated administrator to inject...

7.2CVSS6.4AI score0.00677EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-59180

A flaw was found in Apprise, an open-source library for sending notifications. HTTP-based notification plugins and HTTP attachment and configuration loaders in Apprise, prior to version 1.11.0, automatically follow HTTP redirects. During these redirects, user-configured authentication headers and...

3.1CVSS6.1AI score0.00195EPSS
Exploits0References7
NVD
NVD
added 3 days ago8 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42831

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 1:3 p.m.5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 7:25 p.m.15 views

EUVD-2026-33256

Mautic has SQL Injection in API Contact Filtering...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

Next.js: Next.js: Authorization bypass via crafted query parameters

A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could...

8.1CVSS5.9AI score0.00485EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/07/01 11:30 a.m.5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54917

Name of the Vulnerable Software and Affected Versions Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description An unauthenticated OS command injection exists in the commuos web backend. Network-adjacent attackers can execute arbitrary shell commands by...

9.8CVSS6AI score0.01671EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2026-56224 Capgo - Login CSRF and Session Fixation via URL Query Parameters

Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...

5.4CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 8:17 p.m.11 views

CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...

9.6CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53734

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description Multiple Livewire web UI components fail to validate team ownership when processing server id and destination uuid passed via URL query parameters. While API controllers correctly use the...

9.6CVSS5.8AI score0.00223EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 9:3 a.m.4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 3:50 p.m.57 views

CVE-2026-54297

CVE-2026-54297 (Faraday) : Uncontrolled recursion in Faraday::NestedParamsEncoder during decoding of nested query strings can create deeply nested Ruby Hashes, leading to a stack exhaustion DoS. Affected versions are Faraday 1.0.0 through 1.10.6 and 2.14.3. The vulnerability is fixed in 1.10.6 an...

7.5CVSS5.9AI score0.00391EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/23 6:3 p.m.2 views

GHSA-J4H9-PM27-4RFW OctoPrint has possible file exfiltration via query parameters on upload endpoints

Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be...

7CVSS5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
OSV
OSV
added 2026/06/19 7:35 p.m.13 views

GHSA-98M9-HRRM-R99R Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...

7.5CVSS5.7AI score0.00391EPSS
Exploits1References6
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Faraday - Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters Summary Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query...

7.5CVSS6AI score0.00391EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.15 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
Rows per page
Query Builder