Lucene search
K

160 matches found

Cvelist
Cvelist
added 2025/12/24 7:27 p.m.28 views

CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...

5.3CVSS0.00216EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...

5.3CVSS6.2AI score0.00216EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.4 views

PT-2025-53330

Name of the Vulnerable Software and Affected Versions Legrand BTicino Driver Manager F454 version 1.0.51 Description The software contains web vulnerabilities that permit attackers to carry out administrative tasks without sufficient request validation. An attacker can leverage cross-site request...

5.3CVSS6.1AI score0.00216EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/12/23 11:29 p.m.17 views

CVE-2023-53975

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

9.3CVSS8.5AI score0.00405EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

1Panel 安全漏洞

1Panel is an open source Linux server operations and management panel from the Chinese 1Panel community. A security vulnerability exists in 1Panel 2.0.13 and earlier versions, which stems from unvalidated client-side parameters and could lead to CAPTCHA bypass and account takeover...

7.5CVSS6.3AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/01 8:26 p.m.6 views

EUVD-2025-200084

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...

7.1CVSS7AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/01 8:26 p.m.11 views

CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...

7.1CVSS0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.7 views

PHPGurukul Online Shopping Portal 安全漏洞

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...

6.5CVSS8.2AI score0.00215EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/14 12:1 a.m.6 views

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

6.5CVSS7.1AI score0.00287EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.4 views

PHPGurukul Student Record System 安全漏洞

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements for the id and emailid parameters in password-recovery.php. An attacker can exploit this vulnerability to...

6.5CVSS8.1AI score0.00215EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.3 views

PHPGurukul Student Record System 安全漏洞

Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...

6.1CVSS6.1AI score0.00196EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.4 views

PHPGurukul Student Record System 安全漏洞

Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...

6.5CVSS8.2AI score0.00215EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.6 views

PHPGurukul Student Record System 安全漏洞

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of external input SQL statements for multiple parameters in register.php. An attacker can exploit this vulnerability to execute illegal SQL...

6.5CVSS8.1AI score0.00215EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.5 views

D-Link DIR-878 安全漏洞

The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...

6.5CVSS7.1AI score0.03549EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.4 views

TOTOLINK A720R 安全漏洞

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...

6.5CVSS7.4AI score0.01336EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44563

Name of the Vulnerable Software and Affected Versions LibreChat version 0.7.9 Description LibreChat version 0.7.9 is susceptible to a Denial of Service DoS attack. The /api/memories endpoint allows unbounded parameter values for the key and value parameters. Lack of proper validation for these...

7.5CVSS6.7AI score0.00313EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Apache Airflow 安全漏洞

Apache Airflow is a set of open source platforms with the ability to create, manage and monitor workflows from the US Apache Apache Foundation. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from unvalidated...

4.6CVSS7.1AI score0.00448EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/25 9:32 a.m.9 views

EUVD-2025-35921

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...

7.5CVSS6.8AI score0.00337EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/24 6:0 a.m.2 views

CVE-2025-10723 PixelYourSite < 11.1.2 - Admin+ LFI

The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...

6.4AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/24 6:0 a.m.8 views

CVE-2025-10723 PixelYourSite < 11.1.2 - Admin+ LFI

The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...

0.00279EPSS
Exploits0References1
Rows per page
Query Builder