224 matches found

CNNVD
added 2025/11/13 12:00 a.m. · 3 views

lila security vulnerability

lila is an ad-free, open source chess server from Lichess Open Source. A security vulnerability exists in lila that stems from the game export API passing the players parameter through without validation, which could lead to server-side request forgery...

CVSS 6.5 · AI score 6.7 · EPSS 0.0028
Exploits: 1 · References: 3
CNNVD
added 2025/11/13 12:00 a.m. · 10 views

Multiple ZenTao products security vulnerability

ZenTao Biz and other editions are project management software from the Chinese company ZenTao. A security vulnerability exists in several ZenTao products that stems from insufficient validation of the account parameter in the file /zentao/user-login.html, which could lead to an SQL injection attack...

CVSS 8.7 · AI score 7.5 · EPSS 0.00394
Exploits: 0 · References: 7
CNNVD
added 2025/11/07 12:00 a.m. · 3 views

TechStore Pro security vulnerability

TechStore Pro is an e-commerce platform from the individual developer nooncarlett. A security vulnerability exists in TechStore Pro version 1.0 that stems from an unvalidated q parameter in the /searchresults endpoint, which could lead to a cross-site scripting attack...

CVSS 6.1 · AI score 6 · EPSS 0.00186
Exploits: 1 · References: 2
RedhatCVE
added 2025/10/31 10:10 a.m. · 11 views

CVE-2025-54941

An example DAG, example_dag_decorator, had a non-validated parameter that allowed a UI user to redirect the example to a malicious server and execute code on a worker. This, however, required that the example DAGs are enabled in production (not the default) or that the example DAG code was copied to build your own...

CVSS 4.6 · AI score 7.3 · EPSS 0.00448
Exploits: 0 · References: 1
CVE
added 2025/10/30 5:32 p.m. · 17 views

CVE-2025-64116

Movary (a web app for tracking and exploring movie watch history) is affected by CVE-2025-64116. Prior to version 0.69.0, the login page accepts a redirect parameter without validation, enabling open redirect to arbitrary external sites. The issue is fixed in 0.69.0. Affected components: login/re...

CVSS 6.1 · AI score 6.3 · EPSS 0.00228
Exploits: 1 · References: 3 · Affected software: 1
Vulnrichment
added 2025/10/30 5:32 p.m. · 3 views

CVE-2025-64116 Movary vulnerable to an open redirect

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0...

CVSS 5.1 · AI score 6.3 · EPSS 0.00228
Exploits: 1 · References: 3
OSV
added 2025/10/30 12:31 p.m. · 1 view

GHSA-V3C9-J6H9-66V4 Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example DAG, example_dag_decorator, had a non-validated parameter that allowed a UI user to redirect the example to a malicious server and execute code on a worker. This, however, required that the example DAGs are enabled in production (not the default) or that the example DAG code was copied to build your own...

CVSS 7.7 · AI score 6 · EPSS 0.00448
Exploits: 0 · References: 4
Cvelist
added 2025/10/30 9:45 a.m. · 8 views

CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example DAG, example_dag_decorator, had a non-validated parameter that allowed a UI user to redirect the example to a malicious server and execute code on a worker. This, however, required that the example DAGs are enabled in production (not the default) or that the example DAG code was copied to build your own...

EPSS 0.00448
Exploits: 0 · References: 1
CVE
added 2025/10/30 9:45 a.m. · 42 views

CVE-2025-54941

The CVE-2025-54941 issue affects Apache Airflow, specifically the example_dag_decorator parameter handling. A non-validated parameter in the example DAG allowed a UI user to redirect to a malicious server and execute code on a worker, but exploitation requires that example DAGs are enabled in pro...

CVSS 4.6 · AI score 6.9 · EPSS 0.00448
Exploits: 0 · References: 2 · Affected software: 1
CNNVD
added 2025/10/30 12:00 a.m. · 3 views

Zucchetti Ad Hoc Infinity security vulnerability

Zucchetti Ad Hoc Infinity is ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity 4.2 and earlier versions that stems from an unvalidated pHtmlSource parameter, which could lead to a cross-site scripting attack...

CVSS 6.1 · AI score 6 · EPSS 0.00239
Exploits: 0 · References: 3
CNNVD
added 2025/10/30 12:00 a.m. · 2 views

Zucchetti Ad Hoc Revolution security vulnerability

Zucchetti Ad Hoc Revolution is a business data processing system from Zucchetti, Italy. A security vulnerability exists in Zucchetti Ad Hoc Revolution 4.1 and earlier versions that stems from an unvalidated pHtmlSource parameter, which could lead to a cross-site scripting attack...

CVSS 6.1 · AI score 6 · EPSS 0.00239
Exploits: 0 · References: 3
CNNVD
added 2025/10/30 12:00 a.m. · 5 views

CSZ-CMS security vulnerability

CSZ-CMS is a PHP-based open source content management system (CMS) from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions that stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...

CVSS 5.4 · AI score 7.6 · EPSS 0.00197
Exploits: 1 · References: 2
CNNVD
added 2025/10/28 12:00 a.m. · 4 views

Clear2Pay Bank Visibility Application - Payment Execution security vulnerability

Clear2Pay Bank Visibility Application - Payment Execution is a financial software component from Clear2Pay Belgium. A security vulnerability exists in Clear2Pay Bank Visibility Application - Payment Execution version 1.10.0.104, which originates from an unvalidated ID parameter in the URL and cou...

CVSS 5.4 · AI score 6.1 · EPSS 0.0019
Exploits: 0 · References: 2
CNNVD
added 2025/10/25 12:00 a.m. · 4 views

WordPress plugin PixelYourSite security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it can set up personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin for that platform. A security...

CVSS 2.7 · AI score 6.3 · EPSS 0.00282
Exploits: 0 · References: 1
CNVD
added 2025/10/23 12:00 a.m. · 3 views

ChanCMS /cms/model/hasUse File SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the file /cms/model/hasUse not validating the parameter ID against externally supplied SQL statements. An attacker can exploit this vulnerability to...

CVSS 7.2 · AI score 8.2 · EPSS 0.00597
Exploits: 1 · References: 1
CNVD
added 2025/10/23 12:00 a.m. · 12 views

ChanCMS /cms/article/update file SQL injection vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the file /cms/article/update not validating the parameter cid against externally supplied SQL statements. An attacker can exploit this vulnerability t...

CVSS 7.2 · AI score 8.2 · EPSS 0.00575
Exploits: 1 · References: 1
CNNVD
added 2025/10/22 12:00 a.m. · 4 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. It uses technologies such as EJB and JMS and can serve as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 4.8 · AI score 5.9 · EPSS 0.00216
Exploits: 0 · References: 2
CNVD
added 2025/10/21 12:00 a.m. · 3 views

Newforma Project Center Server Open Redirect Vulnerability

Newforma Project Center Server is a project information management solution from Newforma for the Architecture, Engineering and Construction (AEC) industry, providing centralized storage and management of project documents and collaboration. An open redirection vulnerability exists in Newforma Project...

CVSS 6.1 · AI score 6.6 · EPSS 0.00194
Exploits: 0 · References: 1
CNNVD
added 2025/10/20 12:00 a.m. · 4 views

PHP Education Management security vulnerability

PHP Education Management is an education management application from the individual developer Iqbolshoh Ilhomjonov. A security vulnerability exists in PHP Education Management version 1.0 that stems from an unvalidated participantname parameter in the worksheet.php file, which could lead to a cross-site scriptin...

CVSS 6.1 · AI score 6.2 · EPSS 0.00208
Exploits: 1 · References: 1
CNVD
added 2025/10/15 12:00 a.m. · 5 views

ERPNext get_rfq_containing_supplier function SQL Injection Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the get_rfq_containing_supplier function not validating its txt parameter against externally supplied SQL statements. An attacker can...

CVSS 8.2 · AI score 8.3 · EPSS 0.00305
Exploits: 1 · References: 1