Lucene search
K

103 matches found

CVE
CVE
added 2026/03/20 8:5 p.m.10 views

CVE-2026-33142

CVE-2026-33142 affects OneUptime prior to version 10.0.34. The issue arises because the functions toSortStatement, toSelectStatement, and toGroupByStatement in StatementGenerator interpolate user-supplied keys as ClickHouse Identifier parameters without validating that they match actual model col...

8.1CVSS5.9AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/20 4:31 p.m.21 views

CVE-2025-15608 Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...

7.7CVSS0.00528EPSS
Exploits0References2
RubySec
RubySec
added 2026/03/20 12:0 a.m.8 views

Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

9.1CVSS6AI score0.00632EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25085

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.9AI score0.00603EPSS
Exploits1References16
CVE
CVE
added 2026/03/10 12:18 a.m.13 views

CVE-2026-27684

CVE-2026-27684 affects SAP NetWeaver Feedback Notifications Service. An authenticated attacker can exploit a SQL injection by supplying input that is directly concatenated into SQL queries, enabling manipulation of WHERE clause logic. This can lead to unauthorized access to or modification of dat...

6.4CVSS6AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

SAP NetWeaver SQL注入漏洞

SAP NetWeaver is a service-oriented integrated application platform developed by the German company SAP. This platform primarily provides development and runtime environments for SAP applications. SAP NetWeaver has a SQL injection vulnerability, which arises from unvalidated or escaped user input...

6.4CVSS5.8AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2026/03/04 7:28 p.m.2 views

GHSA-JJGJ-CPP9-CVPV OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection

Summary A malicious or compromised MCP Model Context Protocol tool server can exfiltrate arbitrary local files from the host system by injecting MEDIA: directives into tool result text content. OpenClaw's tool result processing pipeline extracts file paths from MEDIA: tokens without source-level...

6.9CVSS6.1AI score
Exploits0References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.9 views

SAMSUNG多款产品 安全漏洞

SAMSUNG Exynos 1280, among others, are products of Samsung Electronics from South Korea. The SAMSUNG Exynos 1280 is a processor for mobile devices. The SAMSUNG Exynos 2200 is a mobile chip processor. The SAMSUNG Exynos 1380 is also a mobile chip processor. Several SAMSUNG products have security...

5.5CVSS5.8AI score0.00105EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.3 views

CVE-2026-27020

Photobooth prior to 1.0.1 has a cross-site scripting XSS vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

5.3CVSS5.2AI score0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 9:19 p.m.10 views

CVE-2026-27020

Photobooth prior to 1.0.1 has a cross-site scripting XSS vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

5.3CVSS0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 9:3 p.m.1 views

CVE-2026-27020 Photobooth has a XSS vulnerability in user input

Photobooth prior to 1.0.1 has a cross-site scripting XSS vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

5.3CVSS5AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 9:3 p.m.34 views

CVE-2026-27020 Photobooth has a XSS vulnerability in user input

Photobooth prior to 1.0.1 has a cross-site scripting XSS vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

5.3CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.27 views

CVE-2020-37110 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

8.8CVSS0.00349EPSS
Exploits1References3
NVD
NVD
added 2026/02/01 1:15 p.m.4 views

CVE-2021-47912

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

6.4CVSS0.00217EPSS
Exploits1References4
NVD
NVD
added 2026/02/01 1:15 p.m.5 views

CVE-2021-47916

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.9 views

PT-2026-5561

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS6AI score
Exploits0References4
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.7 views

WordPress Plugin BuddyPress Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.3CVSS6.1AI score0.00444EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/20 12:4 p.m.3 views

CVE-2025-41025

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' y 'product' parameters in '/farm/sellproduct.php'...

5.4CVSS5.3AI score0.00133EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.9 views

GLPI SQL injection vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

9.8CVSS5.9AI score0.00436EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.8 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

6.1CVSS6.6AI score0.00238EPSS
Exploits1References1
Rows per page
Query Builder