Lucene search
K

1666 matches found

Vulnrichment
Vulnrichment
added 2025/05/07 7:39 a.m.12 views

CVE-2025-0668 BOINC Server Multiple SQL Injections

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5...

9.3CVSS6.4AI score0.00489EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:45 p.m.8 views

CVE-2022-24752

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate t...

9.8CVSS6.7AI score0.01337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:16 p.m.6 views

CVE-2024-39907

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...

9.8CVSS7AI score0.29396EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/01/22 6:10 p.m.17 views

ps_contactinfo has a potential XSS due to usage of the nofilter tag in template

Impact This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if your shop has a third party module vulnerable to SQL injections, then pscontactinfo might execute a stored XSS in FO. Patches The long term fix is to...

6.2CVSS6.4AI score0.00396EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/01/22 3:15 p.m.9 views

CVE-2025-24027

pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...

6.2CVSS0.00396EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 2:26 p.m.59 views

CVE-2025-24027

CVE-2025-24027 concerns the PrestaShop module ps_contactinfo . The vulnerability is a cross-site scripting (XSS) flaw affecting versions up to and including 3.3.2, arising when formatted addresses stored in the database are displayed. Exploitation is described as possible only in shops already vu...

6.2CVSS6.2AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/22 2:26 p.m.13 views

CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template

pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...

6.2CVSS0.00396EPSS
Exploits0References2
OSV
OSV
added 2025/01/22 2:26 p.m.8 views

CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template

pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...

6.2CVSS5.7AI score0.00396EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/01/16 12:0 a.m.6 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows attackers to execute SQL injections.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of measures taken to protect the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute SQL injections remotely...

9CVSS5.7AI score0.00524EPSS
Exploits0References3Affected Software2
Imperva Blog
Imperva Blog
added 2024/12/02 9:44 p.m.21 views

Imperva Defends Against LLM Hacking

In the evolving landscape of cybersecurity, the advent of large language models LLMs has introduced a new frontier of challenges and opportunities. Research has shown advanced LLMs, such as GPT-4, now possess the ability to autonomously execute sophisticated cyberattacks, including blind database...

9.8CVSS7.3AI score0.97301EPSS
Exploits15
NVD
NVD
added 2024/11/21 8:15 p.m.12 views

CVE-2024-49588

Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections...

6.8CVSS0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 7:59 p.m.11 views

CVE-2024-49588 Multiple authenticated SQL injections in oracle-sidecar

Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections...

6.8CVSS7.8AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 7:59 p.m.45 views

CVE-2024-49588

CVE-2024-49588 affects the Palantir oracle-sidecar component. Affected versions are 0.347.0 through 0.543.0, with multiple endpoints susceptible to SQL injections. The vulnerability is described across several sources as authenticated SQL injection weaknesses in oracle-sidecar, enabling potential...

6.8CVSS6.9AI score0.00291EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/09/20 2:51 p.m.34 views

Navidrome has Multiple SQL Injections and ORM Leak

Security Advisory: Multiple Vulnerabilities in Navidrome Summary Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not properly...

9.4CVSS7.7AI score0.04457EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2024/07/18 4:15 p.m.26 views

CVE-2024-39907

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...

9.8CVSS0.29396EPSS
Exploits1References1
CVE
CVE
added 2024/07/18 3:31 p.m.68 views

CVE-2024-39907

1Panel is affected by an authenticated SQL injection vulnerability in its web-based Linux server management panel. The connected Nuclei template and related advisories describe multiple SQL injections that are not properly filtered, enabling arbitrary file writes and remote code execution (RCE). ...

9.8CVSS9.7AI score0.29396EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.355 views

Jasmin Ransomware 1.1 Arbitrary File Read

Exploit Title: Jasmin Ransomware arbitrary file read Date: 2024-04-04 Exploit Author: @chebuya Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: v1.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30851 Description: Jasmin Ransomware panel contains multiple SQL injections and...

7.2AI score0.04611EPSS
Exploits7
Schneier on Security
Schneier on Security
added 2024/02/23 4:14 p.m.11 views

AIs Hacking Websites

New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models LLMs have become increasingly capable and can now interact with tools i.e., call functions, read documents, and recursively call themselves. As a result, these LLMs can now function autonomous...

7.8AI score
Exploits0
Cvelist
Cvelist
added 2024/01/04 2:32 p.m.23 views

CVE-2023-50866 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/04 2:29 p.m.24 views

CVE-2023-50862 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Rows per page
Query Builder