Lucene search
K

103 matches found

CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

code-projects Online Farm System 注入漏洞

Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Value in the file /categoryvalue.php. The vulnerability can be exploited by an attacker to...

9.8CVSS8.2AI score0.00399EPSS
Exploits1References5
OSV
OSV
added 2025/06/16 10:15 a.m.1 views

CVE-2025-6117

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /Reservations/Search of the component API. The manipulation of the argument Value leads to sql injection. The attack can be initiated...

9.8CVSS5.8AI score
Exploits0References4
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.3 views

Das Parking Management System SQL注入漏洞

Das Parking Management System is a parking management system from Das Corporation. A SQL injection vulnerability exists in Das Parking Management System version 6.2.0, which originates from an incorrect manipulation of the parameter Value in the file /Reservations/Search, resulting in SQL injecti...

9.8CVSS7.8AI score0.0037EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/31 12:0 a.m.3 views

Yifang CMS 安全漏洞

Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from a cross-site scripting attack due to incorrect operation of the parameter Default Value...

4.8CVSS3.9AI score0.00231EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:18 a.m.4 views

CVE-2024-44845

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...

8.8CVSS5.9AI score0.01956EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.4 views

CVE-2022-43165

A stored cross-site scripting XSS vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...

5.4CVSS5.3AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:42 p.m.4 views

CVE-2021-39412

Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...

6.1CVSS6.4AI score0.00562EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:17 a.m.3 views

CVE-2019-14343

TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabularioid=list URI...

5.4CVSS5.5AI score0.0094EPSS
Exploits5References1
CNNVD
CNNVD
added 2025/05/10 12:0 a.m.4 views

Jiuhua MayiCMS 注入漏洞

Jiuhua MayiCMS is a categorized information system from Jiuhua Corporation in China. An injection vulnerability exists in Jiuhua MayiCMS 5.8E and earlier versions, which originates from SQL injection due to incorrect manipulation of the parameter Value in file/javascript.php...

9.8CVSS6.7AI score0.00332EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.12 views

PT-2025-16116 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The vulnerability allows unauthenticated attackers to inject a PHP Object via deserialization of...

9.8CVSS9.7AI score0.01119EPSS
Exploits0References19
BDU FSTEC
BDU FSTEC
added 2025/01/19 12:0 a.m.6 views

The vulnerability of the set_sys_init() function in the login.cgi script of the Wavlink AC3000 router microprogramming system (WL-WN533A8) allows a hacker to execute arbitrary commands.

The vulnerability of the setsysinit function in the login.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the control level when processing the restartminvalue parameter. Exploiting this vulnerability allows a remote...

10CVSS5.9AI score0.17378EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.5 views

PT-2024-39585 · WordPress · Dpd Baltic Shipping

Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping plugin for WordPress versions up to, and including, 1.2.83 Description: The issue is related to Reflected Cross-Site Scripting via the search value parameter due to insufficient input sanitization and output escaping. This...

6.1CVSS6.8AI score0.00382EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-39616

Name of the Vulnerable Software and Affected Versions OFCMS version 1.1.2 Description A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...

5.3CVSS3.3AI score0.00346EPSS
Exploits0References8
OSV
OSV
added 2024/09/06 9:15 p.m.2 views

CVE-2024-44845

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...

8.8CVSS5.8AI score0.01956EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.5 views

DrayTek Vigor3900 安全漏洞

DrayTek Vigor3900 is a high-performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor3900 v1.5.1.6, which originates from an authenticated command injection vulnerability via the value parameter in the filterstring function...

8.8CVSS7.5AI score0.01956EPSS
Exploits1References2
OSV
OSV
added 2024/07/12 9:15 a.m.5 views

CVE-2024-6353

The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'searchvalue' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

6.5CVSS5.9AI score0.00512EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

Online Book System 跨站脚本漏洞

Online Book System is an online booking system. A cross-site scripting vulnerability exists in code-projects Online Book System version 1.0, which stems from a cross-site scripting vulnerability in the value parameter of the /Product.php file...

6.1CVSS4.5AI score0.00619EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.6 views

Online Book System SQL注入漏洞

Online Book System is an online booking system. A SQL injection vulnerability exists in code-projects Online Book System version 1.0, which originates from a SQL injection vulnerability in the value parameter of the /Product.php file...

9.8CVSS7AI score0.00766EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

jose2go Security Vulnerabilities

jose2go is a Golang implementation of the Javascript object signing and encryption specification for individual developers at DV. A security vulnerability exists in jose2go versions prior to 1.6.0, which originated from a vulnerability that allows an attacker to cause a denial of service via a...

7.5CVSS8.6AI score0.00824EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/10 12:0 a.m.4 views

CVE-2023-51126

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 Jan 2023 the FLIR AX8 should no longer be affected by the...

9.3AI score0.31097EPSS
Exploits1References1
Rows per page
Query Builder