75 matches found
URY Security Vulnerability
URY is an open-source restaurant management system from ury-erp. A security vulnerability exists in URY 0.2.0 and earlier versions, which stems from an incorrect manipulation of the parameter searchterm in the file ury/ury/api/posextend.py, which could lead to an SQL injection attack...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31063)
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...
CVE-2022-50593
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘searchterm’ parameter to the ‘NetworkServlet’ endpoint. Successful...
CVE-2022-50593 Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘searchterm’ parameter to the ‘NetworkServlet’ endpoint. Successful...
EUVD-2018-7026
Malware in sbrugna...
EUVD-2020-7062
Malware in sbrugna...
EUVD-2018-7031
Malware in sbrugna...
PT-2025-37563
Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A flaw has been found that allows for SQL injection. The issue affects an unknown function of the file /index.php?q=result=bycompany. Manipulation of the Search parameter causes the...
SUSE CVE-2025-8039
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8039
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
UBUNTU-CVE-2025-8039
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8039 Search terms persisted in URL bar
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2023-2120
The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-2119
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-40119
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/transactions.php...
CVE-2022-40120
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/customertransactions.php...
Q4 Investor Relations Platform Security Vulnerability
Q4 Investor Relations Platform is an investor relations platform from Q4 Canada. A security vulnerability exists in Q4 Investor Relations Platform version v5.147.1.2, which stems from an unfiltered input to the SearchTerm parameter in the search function, and could lead to a cross-site scripting...
CVE-2024-2878 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names...
CVE-2023-7295
The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
WordPress plugin Video Grid Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...