5655 matches found

CVE
added 2025/01/20 2:31 a.m. · 91 views

CVE-2025-0579

CVE-2025-0579 affects Shiprocket Module 3/4 on OpenCart, specifically the REST API Module’s restapi endpoint. The root cause is manipulation of the x-username parameter, leading to SQL injection that can be exploited remotely. Public exploitation has been disclosed. Affected versions are Shiprock...

7.5 CVSS · 7.5 AI score · 0.00378 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2025/01/20 12:0 a.m. · 5 views

The vulnerability of the server for the Continuous Integration and Delivery system (CI/CD) of GoCD arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.

The vulnerability of the CI/CD server of GoCD is related to an incorrect restriction on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

2.2 CVSS · 5.5 AI score · 0.00755 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/01/19 1:31 a.m. · 8 views

CVE-2025-0563 code-projects Fantasy-Cricket update.php sql injection

A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS · 7.3 AI score · 0.00528 EPSS
Exploits 1 · References 5
NVD
added 2025/01/17 7:15 p.m. · 10 views

CVE-2025-0534

A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be...

9.8 CVSS · 0.00607 EPSS
Exploits 1 · References 5
CVE
added 2025/01/17 3:31 p.m. · 55 views

CVE-2025-0530

The CVE-2025-0530 entry concerns code-projects Job Recruitment 1.0. The vulnerability is in the file /_parse/_feedback_system.php where manipulation of the type argument enables cross-site scripting. It is described as exploitable remotely and publicly disclosed. Affected software: code-projects ...

8.2 CVSS · 6.6 AI score · 0.00471 EPSS
Exploits 1 · References 5 · Affected Software 1
Github Security Blog
added 2025/01/16 5:32 p.m. · 18 views

LibreNMS Ports Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Ports Description: Stored XSS on the parameter: /ajaxform.php - param: descr Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

5.4 CVSS · 4.8 AI score · 0.01221 EPSS
Exploits 1 · References 5 · Affected Software 1
RedhatCVE
added 2025/01/16 2:26 p.m. · 25 views

CVE-2024-7596

An insecure configuration flaw was found in the Generic UDP Encapsulation Protocol. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed...

5.4 CVSS · 7.1 AI score · 0.0081 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/01/15 8:31 p.m. · 7 views

CVE-2025-0486 Fanli2012 native-php-cms login.php sql injection

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploi...

7.5 CVSS · 7.6 AI score · 0.00499 EPSS
Exploits 1 · References 5
OpenVAS
added 2025/01/14 12:0 a.m. · 9 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1015)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS · 6.5 AI score · 0.01729 EPSS
Exploits 0 · References 2
Redos
added 2025/01/14 12:0 a.m. · 5 views

ROS-20250114-11

The vulnerability in the activation scripts of the Python virtualenv virtual environment constructor is related to a failure to neutralize special elements used in an operating system command. Exploitation...

8.4 CVSS · 7.6 AI score · 0.01557 EPSS
Exploits 1
Ubuntu
added 2025/01/13 12:47 p.m. · 13 views

USN-7201-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

8.8 CVSS · 6.8 AI score · 0.14492 EPSS
Exploits 1
Tenable Nessus
added 2025/01/13 12:0 a.m. · 32 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : WebKitGTK vulnerabilities (USN-7201-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7201-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...

8.8 CVSS · 6.9 AI score · 0.14492 EPSS
Exploits 1 · References 5
NVD
added 2025/01/09 1:15 a.m. · 10 views

CVE-2024-13198

A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

6.3 CVSS · 0.00668 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/01/08 12:0 a.m. · 4 views

PT-2025-2050 · Unknown · Zerowdd Myblog

Name of the Vulnerable Software and Affected Versions: ZeroWdd myblog version 1.0 Description: A problem has been detected in the update function of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. This issue leads to cross site scripting attacks, which can be launched...

5.4 CVSS · 3.6 AI score · 0.00393 EPSS
Exploits 1 · References 10
NVD
added 2025/01/04 12:15 p.m. · 25 views

CVE-2025-0206

A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed...

8.8 CVSS · 0.00608 EPSS
Exploits 1 · References 5
NVD
added 2025/01/02 3:15 p.m. · 34 views

CVE-2025-0171

A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

7.5 CVSS · 0.0043 EPSS
Exploits 1 · References 5
NVD
added 2025/01/02 11:15 a.m. · 19 views

CVE-2024-13104

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch t...

6.9 CVSS · 0.00725 EPSS
Exploits 0 · References 5
Cvelist
added 2024/12/31 10:31 p.m. · 14 views

CVE-2024-13085 PHPGurukul Land Record System login.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The...

7.5 CVSS · 0.00496 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/12/30 12:0 a.m. · 7 views

PT-2025-2003 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical vulnerability was found in the WiFi Settings Handler component, specifically in an unknown function of the file /goform/form2AdvanceSetup.cgi. The manipulation leads to...

6.9 CVSS · 5.6 AI score · 0.00725 EPSS
Exploits 0 · References 11
Positive Technologies
added 2024/12/30 12:0 a.m. · 4 views

PT-2025-2002 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical issue has been found in the Virtual Service Handler component, affecting the file /goform/form2AddVrtsrv.cgi. This leads to improper access controls, allowing for remote...

6.9 CVSS · 5.6 AI score · 0.0081 EPSS
Exploits 0 · References 12