2302 matches found

RedhatCVE
added 2025/05/22 2:11 a.m., 13 views

CVE-2012-0323

Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 6, EPSS 0.01443
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 1:46 a.m., 7 views

CVE-2016-1912

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...

CVSS 5.4, AI score 5.5, EPSS 0.01386
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 12:39 a.m., 4 views

CVE-2015-10040

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is...

CVSS 6.5, AI score 7.5, EPSS 0.00778
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 8:44 p.m., 9 views

CVE-2009-1849

Cross-site scripting (XSS) vulnerability in the MonitorBandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 5.9, EPSS 0.01033
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 7:1 p.m., 7 views

CVE-2008-6341

Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 6, EPSS 0.00855
Exploits: 0, References: 1

OSV
added 2025/05/15 5:15 p.m., 4 views

CVE-2025-4707

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transactionadd.php. The manipulation of the argument prodname leads to sql injection. The attack may be initiated remotely. The explo...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 5

OSV
added 2025/05/09 8:15 p.m., 4 views

CVE-2025-4487

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit...

CVSS 9.8, AI score 5.8, EPSS 0.00438
Exploits: 1, References: 5

OSV
added 2025/05/09 4:16 a.m., 3 views

CVE-2025-4457

A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has be...

CVSS 9.8, AI score 5.8, EPSS 0.00751
Exploits: 1, References: 4

OSV
added 2025/05/01 7:15 a.m., 4 views

CVE-2025-4154

A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this issue is some unknown functionality of the file /admin/enrollment-details.php. The manipulation of the argument Status leads to sql injection. The attack may be...

CVSS 8.8, AI score 5.7, EPSS 0.00342
Exploits: 1, References: 5

OSV
added 2025/04/30 2:15 p.m., 3 views

CVE-2025-45018

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter...

CVSS 9.8, AI score 6.3, EPSS 0.00478
Exploits: 1, References: 1

OSV
added 2025/04/30 11:54 a.m., 2 views

USN-7315-2 postgresql-10 vulnerability

USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perfo...

CVSS 8.1, AI score 7.3, EPSS 0.89472
Exploits: 10, References: 2

OSV
added 2025/04/30 10:15 a.m., 5 views

CVE-2025-4109

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launch...

CVSS 8.8, AI score 5.8, EPSS 0.00357
Exploits: 1, References: 5

OSV
added 2025/04/19 8:15 p.m., 4 views

CVE-2025-3819

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be...

CVSS 9.8, AI score 5.8, EPSS 0.00438
Exploits: 1, References: 5

OSV
added 2025/04/04 8:15 p.m., 6 views

CVE-2025-3267

A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS 8.8, AI score 6.4, EPSS 0.00443
Exploits: 1, References: 4

OSV
added 2025/04/03 9:15 p.m., 7 views

CVE-2025-3178

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated...

CVSS 9.8, AI score 5.8, EPSS 0.00513
Exploits: 1, References: 4

OSV
added 2025/04/03 2:4 p.m., 4 views

BIT-DOLIBARR-2020-7994

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the (2) nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3)...

CVSS 6.1, AI score 6.2, EPSS 0.0147
Exploits: 1, References: 3

OSV
added 2025/04/03 7:15 a.m., 1 views

CVE-2025-3147

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be initiated remotely. The exploit has bee...

CVSS 9.8, AI score 5.8, EPSS 0.00478
Exploits: 1, References: 5

OSV
added 2025/03/21 9:15 p.m., 5 views

CVE-2025-2604

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editact.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 5.3, AI score 5.8, EPSS 0.00303
Exploits: 1, References: 5

Github Security Blog
added 2025/03/19 9:30 p.m., 17 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...

CVSS 6.1, AI score 5.9, EPSS 0.00271
Exploits: 0, References: 3, Affected Software: 2

CNNVD
added 2025/03/19 12:0 a.m., 4 views

Synology Drive Server SQL injection vulnerability

Synology Drive Server is a collaborative office suite from China-based Synology. The product includes document management, collaborative office and file synchronization and backup features. A SQL injection vulnerability exists in Synology Drive Server versions prior to 3.0.4-12699, prior to...

CVSS 7.5, AI score 7.8, EPSS 0.24866
Exploits: 0, References: 1