Lucene search
K

160 matches found

Vulnrichment
Vulnrichment
added 2025/05/12 11:34 p.m.6 views

CVE-2023-49641 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.6AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2025/04/24 6:15 a.m.5 views

CVE-2025-2558

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server...

8.6CVSS5.9AI score0.02134EPSS
Exploits1References1
CNVD
CNVD
added 2025/04/09 12:0 a.m.3 views

MongoDB Server Denial of Service Vulnerability (CNVD-2025-15801)

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A denial of service vulnerability exists in MongoDB Server. The vulnerability...

6.5CVSS7AI score0.00387EPSS
Exploits0Affected Software4
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.4 views

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...

9.8CVSS8.2AI score0.00586EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/22 1:11 p.m.6 views

CVE-2024-12580

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...

5.3CVSS7.6AI score0.00458EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-12580 Logs Debug Injection in danny-avila/librechat

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...

4.3CVSS5.2AI score0.00458EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

H2O 安全漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from the exportModelDetails function not validating user-controllable parameters, which could lead to arbitrary file overwrites...

8.2CVSS8.1AI score0.00514EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.3 views

imFAQ 安全漏洞

imFAQ is an advanced question and answer management system for ImpressCMS websites open-sourced by Impress Modules. A security vulnerability exists in versions prior to imFAQ 1.0.1 that stems from seoOp parameters that are not cleaned or validated, which could lead to a local file inclusion that...

6.9CVSS6.2AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.4 views

Code-Projects Modern Bag 安全漏洞

Modern Bag is an online management system. Modern Bag suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters userEmail/userPassword in the /login.php file. An attacker can exploit this vulnerability to execute...

9.8CVSS7.9AI score0.00487EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.6 views

FeMiner wms 安全漏洞

FeMiner wms is a warehouse management system for Chinese front-end miners FeMiner individual developers. A SQL injection vulnerability exists in FeMiner wms version 1.0, which stems from the lack of validation of the date1, date2, id parameters against externally entered SQL statements. An attack...

7.5CVSS8.2AI score0.00457EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.3 views

Atheos 代码注入漏洞

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A code injection vulnerability exists in versions prior to Atheos v600 that stems from parameters not being properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on...

9.4CVSS7.5AI score0.00628EPSS
Exploits0References1
Huntr
Huntr
added 2024/10/25 6:33 p.m.5 views

Logs Debug Injection In File Download

Description In 2 API: /code/download/:sessionId/:fileId and /download/:userId/:fileid The parameters sessionId, fileId, userId, fileid are not validated or filtered at all but are saved directly to log.debug Proof of Concept Prepare: The logs file on the server is stored at /app/api/debug-.log I...

5.3CVSS5.2AI score0.00458EPSS
Exploits1
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.5 views

FormosaSoft ee-class SQL注入漏洞

FormosaSoft ee-class is a recording software from the Chinese company FormosaSoft. A SQL injection vulnerability exists in versions prior to FormosaSoft ee-class 20240326.13r14494, which stems from failure to properly validate specific page parameters, allowing a remote attacker with regular...

8.8CVSS8AI score0.00626EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/30 12:0 a.m.6 views

WordPress plugin Web Directory Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

9.1CVSS6.6AI score0.05578EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/08/14 12:0 a.m.4 views

SECOM Dr.ID Access Control System 安全漏洞

SECOM Dr.ID Access Control System is an access control system from China Zhongbao SECOM. A security vulnerability exists in SECOM Dr.ID Access Control System versions prior to 3.6.3, which stems from the presence of specific page parameters that are not properly validated, allowing an...

9.8CVSS7.5AI score0.00835EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.5 views

WordPress Plugin Quiz and Survey Master Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7.8AI score0.00591EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.6 views

Bar Assistant Security Breach

Bar Assistant is a self-hosted application for managing home bars. A security vulnerability exists in Bar Assistant that stems from not validating parameters before making a request via Image::make, which could lead to arbitrary code execution...

8.8CVSS7.6AI score0.0113EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 12:15 p.m.4 views

CVE-2023-48429

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...

2.7CVSS5.7AI score0.00585EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.4 views

Online Matrimonial Project SQL Injection Vulnerability

Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...

9.8CVSS8AI score0.00831EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.6 views

Online Matrimonial Project SQL Injection Vulnerability

Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...

9.8CVSS8AI score0.00831EPSS
Exploits1References4
Rows per page
Query Builder