Lucene search
+L

154 matches found

Cvelist
Cvelist
added 2025/10/01 12:0 a.m.15 views

CVE-2025-52042

In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...

0.00305EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.8 views

PT-2025-40243

Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get material requests based on supplier function located at erpnext/stock/doctype/material request/material request.py is susceptible to SQL Injection. An attacker can inject a SQL query into the...

8.2CVSS7.3AI score0.00315EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.8 views

PT-2025-40246

Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get rfq containing supplier function located at erpnext/buying/doctype/request for quotation/request for quotation.py is susceptible to SQL Injection. An attacker can inject a SQL query through th...

8.2CVSS6.9AI score0.00305EPSS
Exploits1References7
CVE
CVE
added 2025/10/01 12:0 a.m.32 views

CVE-2025-52042

CVE-2025-52042 affects Frappe ERPNext 15.57.5. The vulnerable component is the function get_rfq_containing_supplier() in erpnext/buying/doctype/request_for_quotation/request_for_quotation.py, due to lack of validation of the txt parameter against externally entered SQL, enabling SQL Injection to ...

8.2CVSS6.9AI score0.00305EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/10/01 12:0 a.m.6 views

CVE-2025-52042

In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...

8.2CVSS7.4AI score0.00305EPSS
Exploits1References4
CVE
CVE
added 2025/09/26 6:32 p.m.16 views

CVE-2025-11035

CVE-2025-11035 affects Jinher OA 2.0. The vulnerability originates from an XML External Entity (XXE) reference in the code path related to the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This allows remote abuse without user interaction. The issue is described across ...

9.8CVSS6.5AI score0.00383EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/09/12 3:15 p.m.12 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.3CVSS0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 12:0 a.m.3 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.7AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2025/09/12 12:0 a.m.27 views

CVE-2025-55996

Viber Desktop 25.6.0 is affected by a HTML Injection vulnerability caused by improper handling of the text parameter in the message compose/forward interface. The issue can be triggered via the text field and has a CVSSv3.1 base score of 6.3 (Medium) with NETWORK attack vector, requiring user int...

6.3CVSS6.7AI score0.00178EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/08/18 12:0 a.m.5 views

Medical Store Management System MainPanel.java File SQL Injection Vulnerability

Medical Store Management System is a pharmacy management system. Medical Store Management System has a SQL injection vulnerability that originates from improper filtering of searchTxt parameters in the MainPanel.java file, which can be exploited by an attacker to obtain sensitive information...

8.8CVSS6.9AI score0.00382EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/13 10:2 p.m.2 views

CVE-2025-8929 code-projects Medical Store Management System MainPanel.java sql injection

A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

6.5CVSS7.8AI score0.00382EPSS
Exploits1References6
CVE
CVE
added 2025/08/13 10:2 p.m.21 views

CVE-2025-8929

CVE-2025-8929 affects the code-projects Medical Store Management System 1.0. The vulnerability resides in the file MainPanel.java , where the input parameter searchTxt is not properly filtered, leading to a SQL injection . Exploitation can be performed remotely, and the exploit has been disclosed...

8.8CVSS7.8AI score0.00382EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.4 views

Code-Projects Medical Store Management System 注入漏洞

Medical Store Management System is a pharmacy management system. Medical Store Management System has a SQL injection vulnerability that originates from improper filtering of searchTxt parameters in the MainPanel.java file, which can be exploited by an attacker to obtain sensitive information...

8.8CVSS7.8AI score0.00382EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.7 views

CVE-2020-9083

HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163C00E160R3P8 have a denial of service DoS vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service...

2.4CVSS6.8AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 7:49 a.m.8 views

CVE-2025-3427

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.6AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.7 views

PT-2025-15380 · WordPress · 3Dprint Lite

Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied infill text parameter and lack of sufficient preparation on the existing SQL query, making ...

4.9CVSS9.7AI score0.00379EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.6 views

WordPress plugin Frndzk Expandable Bottom Bar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

5.5CVSS7.8AI score0.00229EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/03/24 9:21 p.m.6 views

WordPress Frndzk Expandable Bottom Bar plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via text Parameter vulnerability discovered by johska in WordPress Plugin Frndzk Expandable Bottom Bar versions = 1.0...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/12/23 1:10 p.m.85 views

Exploit for Cross-site Scripting in Squidex.Io Squidex

CVE-2023-24278 - Reflected XSS Vulnerabilities in Squidex...

6.1CVSS7.2AI score0.02908EPSS
Exploits2
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.6 views

Code-Projects Pharmacy Management System SQL注入漏洞

Code-Projects Pharmacy Management System is a Code-Projects open source pharmacy management system. A SQL injection vulnerability exists in Code-Projects Pharmacy Management System version 1.0, which stems from the parameter text in the file /addnewinvoice.php that can lead to SQL injection...

9.8CVSS7AI score0.00494EPSS
Exploits1References6
Rows per page
Query Builder