Lucene search
K

296 matches found

Cvelist
Cvelist
added 2025/02/13 1:26 p.m.22 views

CVE-2025-1247 Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...

8.3CVSS0.00724EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/02/13 1:26 p.m.8 views

CVE-2025-1247 Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...

8.3CVSS6.8AI score0.00724EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/13 12:0 a.m.23 views

CVE-2025-25356

A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter...

0.00694EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/12 9:57 a.m.6 views

CVE-2025-1247

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information. Mitigation Mitigation for...

8.3CVSS8.1AI score0.00724EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/27 1:16 p.m.3 views

CVE-2024-11348 Reflected XSS in Eura7 CMSmanager

Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint. The vulnerability has been fixed by a patche patch 17012022 addressing all affected versions in use...

5.3CVSS5.8AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/15 12:0 a.m.7 views

CVE-2024-55970

File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734...

6.9AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 7:22 p.m.56 views

GHSA-WH34-M772-5398 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

Impact In getdocument.vm ; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashe...

8.6CVSS9.2AI score0.01045EPSS
Exploits2References5
NVD
NVD
added 2024/12/12 7:15 p.m.37 views

CVE-2024-55663

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

9.8CVSS0.00732EPSS
Exploits0References3
CVE
CVE
added 2024/12/12 6:53 p.m.69 views

CVE-2024-55663

CVE-2024-55663 is an SQL injection in XWiki Platform occurring in getdocument.vm, tied to an unsanitized sort parameter that can enable HQL injection. Affected versions include 6.3-milestone-2 up to 13.10.4/14.3-rc-1, with patches implemented in 13.10.5 and 14.3-rc-1. Depending on the database ba...

9.8CVSS6.3AI score0.00732EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/12 6:53 p.m.15 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

8.6CVSS6.4AI score0.00732EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 6:53 p.m.47 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

8.6CVSS0.00732EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.7 views

1000 Projects Library Management System 安全漏洞

1000 Projects Library Management System is an open source library management system from 1000 Projects. A security vulnerability exists in 1000 Projects Library Management System version 1.0 due to a SQL injection in parameter q. The vulnerability is caused by the presence of a parameter q in the...

9.8CVSS7.8AI score0.00587EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/11/27 12:0 a.m.14 views

CVE-2024-53635

A Reflected Cross Site Scripting XSS vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter...

0.00473EPSS
Exploits1References1
NVD
NVD
added 2024/11/11 3:15 p.m.24 views

CVE-2024-51054

A Cross Site Scriptng XSS vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter...

4.8CVSS0.00388EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/11 12:0 a.m.12 views

CVE-2024-51054

A Cross Site Scriptng XSS vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter...

7.1AI score0.00388EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/16 12:0 a.m.18 views

CVE-2024-48744

A Reflected Cross Site Scripting XSS vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter...

0.00405EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.12 views

PT-2024-37636 · Unknown · Hyperview Geoportal Toolkit

Name of the Vulnerable Software and Affected Versions: HyperView Geoportal Toolkit versions prior to 8.5.0 Description: The issue allows an unauthenticated remote attacker to prepare links that, when opened, will load scripts from a remote location controlled by the attacker and execute them in t...

6.5CVSS7.7AI score0.0035EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2024/07/25 7:35 p.m.78 views

ItSourceCode 'Online Blood Bank Management System in PHP" Stored XSS

Stored XSS in Online Blood Bank Management System V1.0...

6.1AI score
Exploits0
NVD
NVD
added 2024/06/20 1:15 p.m.32 views

CVE-2023-49111

For Kiuwan installations with SSO single sign-on enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...

6.5CVSS0.00646EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/05/13 12:31 p.m.29 views

CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manageuser.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...

6.5CVSS6.9AI score0.00922EPSS
Exploits1References4
Rows per page
Query Builder