Lucene search
K

469 matches found

CNNVD
CNNVD
added 2025/11/17 12:0 a.m.6 views

Kashipara Online Furniture Shopping Ecommerce Website 安全漏洞

Kashipara Online Furniture Shopping Ecommerce Website is a fast online shopping ecommerce website from Kashipara. A security vulnerability exists in Kashipara Online Furniture Shopping Ecommerce Website version 1.0, which stems from an unvalidated useremail parameter in userlogin.php, which could...

6.5CVSS7.7AI score0.00215EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.4 views

PT-2025-47187

Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The software is susceptible to a SQL Injection issue through the user email parameter in the user login.php file. This allows for potential unauthorized access or manipulation of data. The...

6.5CVSS7.5AI score0.00215EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/17 12:0 a.m.3 views

EUVD-2024-55091

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...

6.5CVSS7.5AI score0.00215EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/17 12:0 a.m.3 views

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...

7.6AI score0.00215EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.6 views

PT-2025-47169

Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The Kashipara Ecommerce Website is susceptible to SQL Injection. The issue affects the user register.php file and involves the user email, username, user firstname, user lastname, and user...

6.5CVSS7.1AI score0.00215EPSS
Exploits1References5
CVE
CVE
added 2025/11/17 12:0 a.m.12 views

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. Multiple Connected sources corroborate a SQLi flaw stemming from unvalidated input in user_login.php, enabling potential unauthorized data access or manipulation. The attack surface is t...

6.5CVSS7.6AI score0.00215EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/11/16 6:31 a.m.7 views

EUVD-2025-197715

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...

7.5CVSS6.6AI score0.00346EPSS
Exploits1References6
OSV
OSV
added 2025/11/16 4:15 a.m.5 views

CVE-2025-13235

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...

9.8CVSS5.8AI score0.00346EPSS
Exploits1References5
CVE
CVE
added 2025/11/16 3:32 a.m.20 views

CVE-2025-13235

Mode C: This CVE concerns itsourcecode Inventory Management System 1.0. The vulnerability exists in the /admin/login.php file, where manipulating the user_email parameter can trigger SQL injection. It is exploitable remotely and has publicly disclosed exploits. Connected documents corroborate a S...

9.8CVSS7.3AI score0.00346EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/11/16 12:0 a.m.7 views

itsourcecode Inventory Management System SQL注入漏洞

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...

9.8CVSS7.8AI score0.00346EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/16 12:0 a.m.7 views

PT-2025-47088

Name of the Vulnerable Software and Affected Versions Ascertia SigningHub versions through 8.6.8 Description A lack of rate limiting on the invite user function allows for an email bombing attack. An authenticated attacker can automate invite requests to a target email address. Recommendations...

4.3CVSS6.5AI score0.00293EPSS
Exploits0References5
OSV
OSV
added 2025/11/04 2:15 p.m.4 views

CVE-2025-41343

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/04 1:18 p.m.6 views

CVE-2025-41343 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...

8.7CVSS0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/02 6:43 a.m.13 views

CVE-2025-6574

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

8.8CVSS6.6AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.9 views

PT-2025-44666

Name of the Vulnerable Software and Affected Versions ELOG affected versions not specified Description The ELOG platform, an electronic logbook system, has an issue where an authenticated attacker with low privileges can modify another user's profile. Specifically, an attacker can alter a target...

8.8CVSS6.6AI score0.00342EPSS
Exploits0References13
OSV
OSV
added 2025/10/27 9:30 p.m.2 views

GHSA-CW79-FQ4F-9R96 Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...

4.6CVSS6.5AI score0.00202EPSS
Exploits0References5
Veracode
Veracode
added 2025/10/21 6:52 p.m.6 views

Command Injection

@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the application executing a command templated with git config user.email at startup without validating or sanitizing the input, which allows an attacker to use a maliciously configured Git user email to...

9.8CVSS8.1AI score0.00508EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/10/11 7:15 p.m.4 views

CVE-2025-11611

A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public...

8.8CVSS5.7AI score0.00309EPSS
Exploits1References5
CVE
CVE
added 2025/10/11 6:32 p.m.15 views

CVE-2025-11611

CVE-2025-11611 affects SourceCodester Simple Inventory System 1.0, with the vulnerability located in an unknown function of /user.php where manipulation of the uemail parameter yields SQL injection. The flaw is exploitable remotely and exploits have been publicly released. Multiple sources (NVD, ...

8.8CVSS6.4AI score0.00309EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-3337

Malware in sbrugna...

5CVSS6.1AI score0.0141EPSS
Exploits0References9
Rows per page
Query Builder