Nuclei
added yesterday

Cloudlog - SQL Injection

Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in the oqrs.php request_form handler, letting attackers execute arbitrary SQL commands via the station_id or callsign parameter by sending a crafted request. id: CVE-2024-48259 info: name: Cloudlog - SQL Injection author: s4e-io severity: high...

CVSS 7.3 | AI score 6.2 | EPSS 0.00863
Exploits: 1 | References: 3
Cvelist
added 2026/06/22 4:46 p.m.

CVE-2026-54283 Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

CVSS 7.5 | EPSS 0.00275
Exploits: 0 | References: 1
CVE
added 2026/06/22 4:46 p.m.

CVE-2026-54283

Starlette (Python-starlette) from 0.4.1 through 1.3.1 is affected by CVE-2026-54283, where request.form() fails to apply max_fields/max_part_size for application/x-www-form-urlencoded, allowing an unauthenticated attacker to send a URL-encoded body with unbounded fields or field size. This result...

CVSS 7.5 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2026/06/15 8:39 p.m.

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary: request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

CVSS 7.5 | AI score 5.5 | EPSS 0.00275
Exploits: 0 | References: 2 | Affected Software: 1
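The three Starlette entries above all describe the same gap: the max_fields and max_part_size limits exist but are never consulted on the application/x-www-form-urlencoded path. The following added example is not Starlette's code and not the project's fix; it shows what a bounded urlencoded parser looks like when both limits are applied incrementally to a body delivered as a stream of chunks (the way an ASGI receive loop hands it over), so an oversized request is rejected before the rest of it is buffered. The function name parse_urlencoded_bounded and the FormLimitExceeded class are illustrative names chosen here.

```python
from typing import Iterable
from urllib.parse import unquote_plus


class FormLimitExceeded(ValueError):
    """Raised as soon as a body exceeds one of the configured limits."""


def parse_urlencoded_bounded(
    chunks: Iterable[bytes],
    max_fields: int = 1000,
    max_part_size: int = 1024 * 1024,
) -> dict[str, list[str]]:
    """Parse an application/x-www-form-urlencoded body with resource limits.

    Illustrative code, not Starlette's implementation. The two limits mirror
    the max_fields / max_part_size parameters described on this page:
      * max_fields     - maximum number of key=value pairs accepted
      * max_part_size  - maximum encoded size of one key=value pair
    Both are checked as data arrives, so an abusive body is rejected before
    the remaining chunks are read into memory.
    """
    fields: dict[str, list[str]] = {}
    buf = bytearray()  # encoded bytes of the field currently being assembled
    seen = 0           # number of non-empty fields emitted so far

    def emit(part: bytes) -> None:
        nonlocal seen
        if not part:            # tolerate "a=1&&b=2", as parse_qsl does
            return
        seen += 1
        if seen > max_fields:
            raise FormLimitExceeded(f"more than {max_fields} form fields")
        raw_name, _, raw_value = part.partition(b"=")
        # Percent-decode and turn '+' into a space; latin-1 round-trips any byte
        # so the percent-escaped UTF-8 is decoded by unquote_plus itself.
        name = unquote_plus(raw_name.decode("latin-1"))
        value = unquote_plus(raw_value.decode("latin-1"))
        fields.setdefault(name, []).append(value)

    for chunk in chunks:
        start = 0
        while True:
            sep = chunk.find(b"&", start)
            piece = chunk[start:] if sep == -1 else chunk[start:sep]
            buf.extend(piece)
            if len(buf) > max_part_size:
                # Reject immediately; chunks after this one are never consumed.
                raise FormLimitExceeded(
                    f"form field exceeds {max_part_size} bytes")
            if sep == -1:
                break                 # rest of this field is in a later chunk
            emit(bytes(buf))
            buf.clear()
            start = sep + 1
    emit(bytes(buf))                  # final field has no trailing '&'
    return fields
```

The size check sits on the partially assembled field rather than on the finished one, which is the detail that makes the limit meaningful against a single multi-megabyte value streamed in small chunks: the parser stops at the first chunk that pushes the field over max_part_size.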
Tenable Nessus
added 2026/03/06 12:00 a.m.

openSUSE 16 Security Update : go1.24-openssl (openSUSE-SU-2026:20308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20308-1 advisory. - Update to version 1.24.13 jsc#SLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc#12512...

CVSS 10 | AI score 7.1 | EPSS 0.01945
Exploits: 4 | References: 62
Hacker One
added 2026/02/16 12:22 a.m.

PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger

A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...

AI score 5.7
Exploits: 0
Amazon
added 2026/02/05 12:00 a.m.

Important: golang

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 cmd/go: bypass of flag sanitization ca...

CVSS 10 | AI score 6.3 | EPSS 0.01945
Exploits: 2
RedhatCVE
added 2026/01/09 9:50 a.m.

CVE-2020-10078

GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...

CVSS 6.1 | AI score 5.8 | EPSS 0.00691
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2020-2543

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00691
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2024-22199

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00317
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-18626

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 6.5 | EPSS 0.00896
Exploits: 2 | References: 3
NVD
added 2025/10/02 3:15 p.m.

CVE-2025-59742

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The affected parameter is 'USRMAIL' in '/inc/login/TRACK_REQUESTFRMSQL.ASP'...

CVSS 9.8 | EPSS 0.00329
Exploits: 0 | References: 1
CVE
added 2025/10/02 2:11 p.m.

CVE-2025-59742

AndSoft e-TMS v25.03 contains a SQL injection vulnerability in the USRMAIL parameter of /inc/login/TRACK_REQUESTFRMSQL.ASP. The issue arises from lack of validation of externally supplied SQL statements, allowing a POST request to retrieve, create, update, and delete databases. Affected component...

CVSS 9.8 | AI score 7.7 | EPSS 0.00329
Exploits: 0 | References: 1 | Affected Software: 1
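Both SQL injection entries on this page, the Cloudlog oqrs.php issue (station_id / callsign) and the AndSoft e-TMS issue (USRMAIL), come down to request values being spliced into a SQL string. The added example below is not code from either product; it reproduces the bug class against a constructed in-memory SQLite table using the station_id and callsign names from the Cloudlog entry, and sets the deliberately vulnerable lookup next to a hardened one that validates the integer and binds the string. The payload strings, table contents and function names are all constructed for this illustration.

```python
import sqlite3

# Constructed sample rows for the demonstration (not real Cloudlog or e-TMS data).
SAMPLE_STATIONS = [
    (1, "K1ABC", "Boston"),
    (2, "W2XYZ", "New York"),
    (3, "N3DEF", "Denver"),
]

# Request values an attacker could send in place of an id and a callsign.
PAYLOAD_CALLSIGN = "x' OR '1'='1"      # closes the quoted literal, adds a tautology
PAYLOAD_STATION_ID = "0 OR 1=1 --"     # tautology, then comments out the rest


def make_db() -> sqlite3.Connection:
    """Build an in-memory table standing in for an application's station table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE station (station_id INTEGER, callsign TEXT, location TEXT)")
    conn.executemany("INSERT INTO station VALUES (?, ?, ?)", SAMPLE_STATIONS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, station_id: str, callsign: str) -> list:
    """The bug class on this page: request values concatenated straight into SQL.

    Deliberately vulnerable so the effect is visible; never use this pattern.
    """
    sql = (
        "SELECT station_id, callsign, location FROM station "
        f"WHERE station_id = {station_id} AND callsign = '{callsign}'"
    )
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, station_id: str, callsign: str) -> list:
    """Same query with input validation and bound parameters.

    station_id must parse as an integer; callsign travels as a parameter, so
    any quote characters inside it are data, never SQL syntax.
    """
    try:
        sid = int(station_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT station_id, callsign, location FROM station "
        "WHERE station_id = ? AND callsign = ?",
        (sid, callsign),
    ).fetchall()


def demo() -> dict[str, int]:
    """Row counts for each variant, so the difference can be checked, not just printed."""
    conn = make_db()
    return {
        "legit_vulnerable": len(lookup_vulnerable(conn, "1", "K1ABC")),
        "legit_hardened": len(lookup_hardened(conn, "1", "K1ABC")),
        "callsign_payload_vulnerable": len(lookup_vulnerable(conn, "1", PAYLOAD_CALLSIGN)),
        "callsign_payload_hardened": len(lookup_hardened(conn, "1", PAYLOAD_CALLSIGN)),
        "id_payload_vulnerable": len(lookup_vulnerable(conn, PAYLOAD_STATION_ID, "K1ABC")),
        "id_payload_hardened": len(lookup_hardened(conn, PAYLOAD_STATION_ID, "K1ABC")),
    }
```

With the legitimate values both lookups return the single matching row. With either payload the concatenating version returns the whole table (the callsign payload works because AND binds tighter than OR, the station_id payload because the comment swallows the callsign clause), while the parameterised version returns nothing: the id payload fails int() and the callsign payload is compared literally.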
RedhatCVE
added 2025/06/23 8:41 a.m.

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

CVSS 9.9 | AI score 8.2 | EPSS 0.00896
Exploits: 2 | References: 1
OSV
added 2025/06/18 2:15 p.m.

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

CVSS 9.9 | AI score 6.2 | EPSS 0.00896
Exploits: 2 | References: 3
NVD
added 2025/06/18 2:15 p.m.

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

CVSS 9.9 | EPSS 0.00896
Exploits: 2 | References: 2
Vulnrichment
added 2025/06/18 12:00 a.m.

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

AI score 9.7 | EPSS 0.00896
Exploits: 2 | References: 3
CVE
added 2025/06/18 12:00 a.m.

CVE-2025-46157

CVE-2025-46157 affects EfroTech Time Trax v1.0, specifically the Leave Request form in the Attendance module. The issue is an unrestricted file upload/weak server-side validation that enables remote code execution (RCE) by uploading a crafted file (e.g., changing a .txt to .asp). The CVSS v3.1 ba...

CVSS 9.9 | AI score 7.6 | EPSS 0.00896
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2025/06/18 12:00 a.m.

CVE-2025-46157

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

EPSS 0.00896
Exploits: 2 | References: 2
GithubExploit
added 2025/06/13 3:31 p.m.

Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax

CVE-2025-46157 – Timetrax V1 2025 Remote Co...

CVSS 9.9 | AI score 10 | EPSS 0.00896
Exploits: 2
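The Time Trax entries above describe an unrestricted upload on a leave request form where renaming a .txt attachment to .asp is enough to get code execution: the server trusts the client's filename and extension. The added example below is not Time Trax code or a vendor fix; it shows the server-side checks that close that path for an attachment endpoint: a fixed allowlist that contains no server-executable type, rejection of multiple extensions, magic-byte verification so the body cannot contradict the name, and a server-chosen storage name. The allowlist, size limit and function names are constructed for this illustration.

```python
import hashlib
import re

# Illustrative allowlist for an attachment endpoint. The stored extension is taken
# from this table, never from the client's filename, and no server-executable type
# (.asp, .aspx, .php, .jsp, ...) appears here, so a renamed script cannot be
# stored under an extension the web server would execute.
ALLOWED_TYPES = {
    # extension: (magic-byte prefixes, content type to send when serving it back)
    "pdf": ((b"%PDF-",), "application/pdf"),
    "png": ((b"\x89PNG\r\n\x1a\n",), "image/png"),
    "jpg": ((b"\xff\xd8\xff",), "image/jpeg"),
    "txt": ((), "text/plain"),          # no magic; checked as UTF-8 text below
}
MAX_SIZE = 5 * 1024 * 1024              # constructed limit for the example

_UNSAFE_STEM_CHARS = re.compile(r"[^A-Za-z0-9._-]+")


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, content: bytes) -> dict[str, str]:
    """Validate an attachment and return the name and type the server will use.

    Checks, in order:
      1. size bound
      2. exactly one extension, present in ALLOWED_TYPES (rejects "x.txt.asp")
      3. content matches the magic bytes for that extension, or for txt is
         valid UTF-8 without NUL bytes, so the body cannot contradict the name
    The on-disk name is a content hash plus the allowlisted extension.
    """
    if len(content) > MAX_SIZE:
        raise UploadRejected("file too large")

    # Drop any client-supplied directory components before inspecting the name.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise UploadRejected("filename must be <stem>.<ext> with a single extension")
    stem, ext = parts[0], parts[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")

    magics, content_type = ALLOWED_TYPES[ext]
    if magics:
        if not any(content.startswith(m) for m in magics):
            raise UploadRejected(f"content does not look like .{ext}")
    else:
        # Plain text: must decode and must not smuggle binary data.
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("text attachment is not valid UTF-8") from None
        if b"\x00" in content:
            raise UploadRejected("text attachment contains NUL bytes")

    digest = hashlib.sha256(content).hexdigest()
    return {
        "stored_name": f"{digest}.{ext}",            # written outside the web root
        "display_name": f"{_UNSAFE_STEM_CHARS.sub('_', stem)}.{ext}",  # shown to users
        "content_type": content_type,                # set explicitly when serving
    }
```

A text file that happens to contain ASP markup still passes, which is intended: it is stored as .txt outside the web root and served back as text/plain, so nothing ever executes it. The point of the allowlist is that the client cannot influence which of those two outcomes applies.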