18 matches found

OSV
added 2026/06/16 11:50 a.m. · 5 views

BIT-MYSQL-CLIENT-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community-developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8 · AI score 5.8 · EPSS 0.00469
Exploits 0 · References 3
OSV
added 2026/06/13 8:46 a.m. · 12 views

BIT-MYSQL-CLIENT-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community-developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

CVSS 10 · AI score 5.5 · EPSS 0.00998
Exploits 0 · References 3
CVE
added 2026/06/12 5:34 p.m. · 157 views

CVE-2026-48163

CVE-2026-48163 affects MariaDB (wsrep SST): during donor–donor synchronization, the donor interpolates parameters from the joiner in the SST rsync command line, and not all parameters are validated. This could allow a malicious joiner to execute arbitrary shell commands on the donor side. Patched...

CVSS 9.1 · AI score 5.8 · EPSS 0.00694
Exploits 0 · References 7 · Affected software 1
CNNVD
added 2026/04/28 12:00 a.m. · 9 views

MCP-GMX-VMD injection vulnerability

MCP-GMX-VMD is an integrated tool for molecular dynamics simulation and visualization developed by EgT’s individual developers. Versions of MCP-GMX-VMD 0.1.0 and earlier contained an injection vulnerability. This vulnerability stemmed from incorrect handling of parameters such as structurefile and...

CVSS 7.5 · AI score 7.1 · EPSS 0.01338
Exploits 0 · References 1
Cvelist
added 2026/03/02 11:15 a.m. · 27 views

CVE-2025-30044 RCE on uhcapache user permissions

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

CVSS 9.4 · EPSS 0.00544
Exploits 0 · References 2
Vulnrichment
added 2026/01/07 6:00 a.m. · 4 views

CVE-2025-14719 Relevanssi (Free < 4.26.0, Premium < 2.29.0) - Contributor+ SQLi

The Relevanssi WordPress plugin before 4.26.0 and the Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks...

AI score 7.5 · EPSS 0.00224
Exploits 0 · References 1
CNNVD
added 2025/10/15 12:00 a.m. · 4 views

WordPress plugin Rich Snippet Site Report SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Rich Snippet Site Report plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping of the user-supplied parameter last and...

CVSS 4.9 · AI score 8.1 · EPSS 0.00326
Exploits 0 · References 4
RedhatCVE
added 2025/04/26 6:13 a.m. · 6 views

CVE-2025-29180

In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...

CVSS 7.2 · AI score 8.1 · EPSS 0.00317
Exploits 0 · References 1
Snyk
added 2025/03/14 1:43 p.m. · 10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to WordPress. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updatedajax method of the...

CVSS 9.9 · AI score 5.8 · EPSS 0.00566
Exploits 16 · References 2
BDU FSTEC
added 2025/02/24 12:00 a.m. · 4 views

A vulnerability in the firmware of the D-Link DSL-3782 router, related to the lack of measures to neutralize special elements, allows an attacker to execute arbitrary commands.

The vulnerability in the D-Link DSL-3782 router’s firmware is related to the lack of measures to neutralize special elements during the processing of the sambawg and sambanbn parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 8 · AI score 5.9 · EPSS 0.01001
Exploits 0 · References 3 · Affected software 1
CNNVD
added 2024/11/23 12:00 a.m. · 2 views

WordPress plugin WordPress Brute Force Protection cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin WordPress Brute Force...

CVSS 6.1 · AI score 7.5 · EPSS 0.00452
Exploits 0 · References 3
OSV
added 2024/11/22 6:15 a.m. · 5 views

CVE-2024-8735

The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 7.4 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2024/07/15 12:00 a.m. · 3 views

WordPress plugin wp-cart-for-digital-products security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 · AI score 6.8 · EPSS 0.00419
Exploits 1 · References 2
CNNVD
added 2024/06/06 12:00 a.m. · 3 views

WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 8.8 · AI score 7.3 · EPSS 0.00509
Exploits 0 · References 5
CNVD
added 2024/05/22 12:00 a.m. · 4 views

DAR-8000-10 Deserialization Vulnerability in AUO Electronic Devices (Shanghai) Co.

DAR-8000-10 is the Internet Behavior Audit Gateway from China AUO D-Link. AUO DAR-8000-10 20230922 and earlier versions have a deserialization vulnerability that originates from the unsafe deserialization of the parameter sql of the file /importhtml.php when receiving serialized data submitted by...

CVSS 9.8 · AI score 7.2 · EPSS 0.0612
Exploits 1 · References 1
Positive Technologies
added 2023/04/11 12:00 a.m. · 6 views

PT-2023-20502 · Safe-Eval · Safe-Eval

Name of the Vulnerable Software and Affected Versions: safe-eval, all versions. Description: The issue arises from improper sanitization of the parameter content in the safeEval function, leading to Prototype Pollution. This affects all versions of the safe-eval package. Recommendations: For all...

CVSS 10 · AI score 7.2 · EPSS 0.01111
Exploits 1 · References 9
CNVD
added 2020/10/28 12:00 a.m. · 4 views

TuziCMS suffers from arbitrary file deletion vulnerability (CNVD-2020-62425)

TuziCMS (TC for short) is an enterprise web content management system based on PHP+MySql. TuziCMS has an arbitrary file deletion vulnerability. The vulnerability is due to the system not filtering or processing user-submitted parameter data, which an attacker can exploit to delete...

AI score 7
Exploits 0
OSV
added 2017/04/28 6:17 a.m. · 5 views

USN-3272-1 ghostscript vulnerabilities

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash)...

CVSS 7.8 · AI score 6.8 · EPSS 0.96968
Exploits 11 · References 7