Lucene search
K

12 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-41041

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS0.00592EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

0.00592EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-57679

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS6.1AI score0.00592EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/06 2:4 p.m.5 views

EUVD-2026-41876

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:4 p.m.11 views

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/02 12:49 p.m.42 views

CVE-2025-12462 Blind SQL Injection in DobryCMS

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injection. This issue was fixed in versions above 8.0...

9.3CVSS0.00448EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.10 views

Studio Fabryka DobryCMS SQL注入漏洞

Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 8.0 had a SQL injection vulnerability. This vulnerability stemmed from SQL injections in URL paths, which could lead to blind injection attacks...

9.3CVSS5.8AI score0.00448EPSS
Exploits0References1
CVE
CVE
added 2026/02/14 6:42 a.m.13 views

CVE-2026-1792

The Geo Widget WordPress plugin (up to version 1.0) is vulnerable to Stored Cross-Site Scripting via the URL path due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts on pages viewed by users, leading to potential user-side code ex...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2014-2880

Malware in sbrugna...

4.3CVSS7.7AI score0.01639EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2023/08/09 12:0 a.m.9 views

CVE-2023-39000

A reflected cross-site scripting XSS vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path...

5.7AI score0.00495EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.32 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2023-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

9.8CVSS8.3AI score0.23293EPSS
Exploits3References9
OSV
OSV
added 2014/04/18 2:55 p.m.7 views

CVE-2014-2856

Cross-site scripting XSS vulnerability in scheduler/client.c in Common Unix Printing System CUPS before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the ispathabsolute function...

5.4AI score
Exploits0References10
Rows per page
Query Builder