Lucene search
K

51 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.14 views

CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS0.00358EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/02 5:29 a.m.5 views

CVE-2026-5109 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 5:29 a.m.4 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

VideoFlow Digital Video Protection 路径遍历漏洞

VideoFlow Digital Video Protection is a broadcast-grade video transmission device developed by VideoFlow Corporation in the United States. Version 2.10 of VideoFlow Digital Video Protection contains a path traversal vulnerability. This vulnerability stems from authenticated directory traversal,...

7.1CVSS5.9AI score0.00596EPSS
Exploits0References4
NVD
NVD
added 2026/04/15 11:16 a.m.5 views

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

8.5CVSS0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 5:40 p.m.8 views

EUVD-2026-19428

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...

8.8CVSS6.1AI score0.00416EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/02 12:58 p.m.20 views

CVE-2026-34890 WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...

6.5CVSS0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

WordPress Plugin MSTW League Manager 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-28088

Name of the Vulnerable Software and Affected Versions mtrojnar Osslsigncode versions prior to 2.10 Description A flaw exists in mtrojnar Osslsigncode that could allow a remote attacker to gain higher system privileges. This issue is related to the osslsigncode.c component. Recommendations Update ...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/03/25 12:0 a.m.2 views

CVE-2025-70888

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component...

9.8CVSS5.4AI score0.00482EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:53 p.m.4 views

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-68028

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...

6.5CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/12/24 7:28 p.m.8 views

CVE-2019-25256

CVE-2019-25256 affects VideoFlow Digital Video Protection DVP 2.10. An authenticated directory traversal exists due to unvalidated ID parameters (e.g., via scripts like downloadsys.pl) allowing access to arbitrary system files. Impact includes potential exposure of sensitive files (CONFIDENTIALIT...

7.1CVSS6.4AI score0.00543EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.4 views

i-Educar SQL注入漏洞

i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...

7.2CVSS7.6AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2025/10/26 5:38 a.m.24 views

CVE-2025-8709

CVE-2025-8709 affects langgraph-checkpoint-sqlite 2.0.10 in LangGraph’s SQLite store. The root cause is improper string concatenation of filter keys in _get_filter_condition(), allowing SQL injection via filter parameters and potentially exposing all documents and sensitive fields (e.g., password...

7.3CVSS7.5AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/10/17 5:11 p.m.23 views

CVE-2025-62419

DataEase (DataEase platform) prior to v2.10.14 contains a JDBC URL injection in the DB2 data source handler: when extraParams is empty, HOSTNAME, PORT, and DATABASE are concatenated into the JDBC URL without filtering, allowing an attacker to inject a malicious JDBC string via HOSTNAME to bypass ...

8.2CVSS6.8AI score0.00393EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29209

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00646EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29684

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00261EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29751

Malicious code in bioql PyPI...

6.1CVSS4.9AI score0.00364EPSS
Exploits1References6
Rows per page
Query Builder