
16 matches found

EUVD
added 1 hour ago · 3 views

EUVD-2026-41270

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 11
NVD
added 3 hours ago · 6 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 6.5
Exploits: 0 · References: 10
EUVD
added 2026/02/25 1:47 a.m. · 6 views

EUVD-2026-8584

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVSS 6.5 · AI score 5.4 · EPSS 0.0026
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 12:29 p.m. · 5 views

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

CVSS 8.8 · AI score 8.7 · EPSS 0.01075
Exploits: 1 · References: 1
CNNVD
added 2025/09/27 12:00 a.m. · 5 views

school-management-system SQL Injection Vulnerability

school-management-system is a PHP school management system for schools or small organizations developed by Shubham kumar, an individual developer. A SQL injection vulnerability exists in school-management-system version 1.0, which stems from incorrect manipulation of the parameter select in the...

CVSS 9.8 · AI score 7 · EPSS 0.00367
Exploits: 1 · References: 5
RedhatCVE
added 2025/05/22 10:39 p.m. · 10 views

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

CVSS 6.1 · AI score 6.4 · EPSS 0.00547
Exploits: 1 · References: 1
CNNVD
added 2025/02/03 12:00 a.m. · 4 views

CmsEasy Path Traversal Vulnerability

CmsEasy is a content management system CMS for creating responsive websites from China's CmsEasy company. A path traversal vulnerability exists in CmsEasy version 7.7.7.9, which stems from a path traversal caused by the parameter select in...

CVSS 6.5 · AI score 5.6 · EPSS 0.00794
Exploits: 1 · References: 4
Positive Technologies
added 2024/06/06 12:00 a.m. · 4 views

PT-2024-27150 · Oneflow · Oneflow

Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue allows attackers to cause a Denial of Service DoS via inputting a negative value into the oneflow.index select parameter. Recommendations: For Oneflow version 0.9.1, as a temporary workaround,...

CVSS 7.5 · AI score 6.9 · EPSS 0.00418
Exploits: 0 · References: 5
NVD
added 2023/09/15 12:15 a.m. · 24 views

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

CVSS 8.8 · AI score 8.7 · EPSS 0.01075
Exploits: 1 · References: 1
CNNVD
added 2023/09/14 12:00 a.m. · 2 views

Didotech srl Engineering & Lifecycle Management SQL Injection Vulnerability

Didotech srl Engineering & Lifecycle Management is a suite of open source commercial applications from Didotech srl. A security vulnerability exists in Didotech srl Engineering & Lifecycle Management aka pdm versions prior to 14.0.1.0.0, prior to 15.0.1.0.0, and prior to 16.0.1.0, which originate...

CVSS 8.8 · AI score 7.7 · EPSS 0.01075
Exploits: 1 · References: 3
ATTACKERKB
added 2022/03/25 7:15 p.m. · 2 views

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

CVSS 6.1 · AI score 6.3 · EPSS 0.00547
Exploits: 1 · References: 2
Positive Technologies
added 2022/03/25 12:00 a.m. · 9 views

PT-2022-17937

Name of the Vulnerable Software and Affected Versions Maccms version 10 Description The issue is related to multiple reflected cross-site scripting XSS vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the select and input parameters...

CVSS 6.1 · AI score 5.7 · EPSS 0.00557
Exploits: 1 · References: 5
CNVD
added 2016/07/05 12:00 a.m. · 4 views

Cisco EPC3928 Denial of Service Vulnerability

Cisco EPC3928 is a wireless router product from Cisco USA. A security vulnerability exists in goform/Docsissystem on the Cisco EPC3928. A remote attacker can exploit this vulnerability to cause a denial of service device crash with the help of a long 'LanguageSelect' parameter...

CVSS 7.8 · AI score 6.8 · EPSS 0.09297
Exploits: 5 · References: 1
Cvelist
added 2011/01/13 6:35 p.m. · 18 views

CVE-2011-0265

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long dataselect1 parameter...

AI score 7.7 · EPSS 0.16546
Exploits: 0 · References: 6
Positive Technologies
added 2010/08/04 12:00 a.m. · 5 views

PT-2010-4293 · Zabbix · Zabbix

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 1.8.3rc1 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the formatQuery function. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific...

CVSS 4.3 · AI score 5.5 · EPSS 0.019
Exploits: 0 · References: 10
xssed
added 2008/08/16 12:00 a.m. · 12 views

Unfixed XSS vulnerability at www.draugi.lv

Security researcher loxaXcracker, has submitted on 16/08/2008 a cross-site-scripting XSS vulnerability affecting www.draugi.lv, which at the time of submission ranked 3001016 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2008. It is...

Exploits: 0 · References: 1