1666 matches found
CVE-2025-0668 BOINC Server Multiple SQL Injections
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5...
CVE-2022-24752
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate t...
CVE-2024-39907
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
Impact This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if your shop has a third party module vulnerable to SQL injections, then pscontactinfo might execute a stored XSS in FO. Patches The long term fix is to...
CVE-2025-24027
pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...
CVE-2025-24027
CVE-2025-24027 concerns the PrestaShop module ps_contactinfo . The vulnerability is a cross-site scripting (XSS) flaw affecting versions up to and including 3.3.2, arising when formatted addresses stored in the database are displayed. Exploitation is described as possible only in shops already vu...
CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template
pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...
CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template
pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows attackers to execute SQL injections.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of measures taken to protect the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute SQL injections remotely...
Imperva Defends Against LLM Hacking
In the evolving landscape of cybersecurity, the advent of large language models LLMs has introduced a new frontier of challenges and opportunities. Research has shown advanced LLMs, such as GPT-4, now possess the ability to autonomously execute sophisticated cyberattacks, including blind database...
CVE-2024-49588
Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections...
CVE-2024-49588 Multiple authenticated SQL injections in oracle-sidecar
Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections...
CVE-2024-49588
CVE-2024-49588 affects the Palantir oracle-sidecar component. Affected versions are 0.347.0 through 0.543.0, with multiple endpoints susceptible to SQL injections. The vulnerability is described across several sources as authenticated SQL injection weaknesses in oracle-sidecar, enabling potential...
Navidrome has Multiple SQL Injections and ORM Leak
Security Advisory: Multiple Vulnerabilities in Navidrome Summary Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not properly...
CVE-2024-39907
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
CVE-2024-39907
1Panel is affected by an authenticated SQL injection vulnerability in its web-based Linux server management panel. The connected Nuclei template and related advisories describe multiple SQL injections that are not properly filtered, enabling arbitrary file writes and remote code execution (RCE). ...
Jasmin Ransomware 1.1 Arbitrary File Read
Exploit Title: Jasmin Ransomware arbitrary file read Date: 2024-04-04 Exploit Author: @chebuya Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: v1.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30851 Description: Jasmin Ransomware panel contains multiple SQL injections and...
AIs Hacking Websites
New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models LLMs have become increasingly capable and can now interact with tools i.e., call functions, read documents, and recursively call themselves. As a result, these LLMs can now function autonomous...
CVE-2023-50866 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50862 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...