
537 matches found

Source: CNNVD
added 2025/08/13 12:0 a.m. | 4 views

CycloneDX Sunshine security vulnerability

CycloneDX Sunshine is an open source visualization tool from CycloneDX. A security vulnerability exists in CycloneDX Sunshine version v0.9 that stems from processing JSON files without validating formulas, which could lead to a CSV injection attack...

CVSS 5.4 | AI score 7 | EPSS 0.00228
Exploits: 0 | References: 4

Source: CNNVD
added 2025/07/22 12:0 a.m. | 5 views

DB-GPT SQL injection vulnerability

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.7.0, which stems from editorsqlrun and queryex being susceptible to SQL injection attacks that could lead to the execution of arbitrary...

CVSS 6.5 | AI score 7.9 | EPSS 0.00325
Exploits: 2 | References: 4

Source: SUSE CVE
added 2025/07/16 11:22 p.m. | 4 views

SUSE CVE-2025-40913

Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328...

CVSS 6.5 | AI score 6.9 | EPSS 0.00275
Exploits: 0 | References: 3

Source: SUSE CVE
added 2025/07/14 11:21 p.m. | 4 views

SUSE CVE-2025-53549

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::findeventwithrelations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

CVSS 7.7 | AI score 8.6 | EPSS 0.00254
Exploits: 0 | References: 3

Source: OSV
added 2025/07/10 6:28 p.m. | 15 views

CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::findeventwithrelations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

CVSS 7.7 | AI score 8.6 | EPSS 0.00254
Exploits: 0 | References: 4

Source: CNNVD
added 2025/07/10 12:0 a.m. | 8 views

Matrix Rust SDK SQL injection vulnerability

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A SQL injection vulnerability exists in Matrix Rust SDK versions 0.11 and 0.12, which stems from SQL injection in the EventCache::findeventwithrelations method, and could lead to...

CVSS 7.7 | AI score 7.7 | EPSS 0.00254
Exploits: 0 | References: 4

Source: CNNVD
added 2025/06/23 12:0 a.m. | 3 views

Notepad Next buffer error vulnerability

Notepad Next is a notepad program by individual developer dail8859. A buffer error vulnerability exists in Notepad Next v0.11 and earlier versions; it stems from an out-of-bounds read in the lparser.C file, which may result in an over-read of the heap buffer...

CVSS 5.1 | AI score 6.8 | EPSS 0.00153
Exploits: 0 | References: 2

Source: Cvelist
added 2025/06/17 6:31 a.m. | 22 views

CVE-2025-6167 themanojdesai python-a2a api.py create_workflow path traversal

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file pythona2a/agentflow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 addresses this issue. It is recommend...

CVSS 5.5 | EPSS 0.0071
Exploits: 1 | References: 6

Source: RedhatCVE
added 2025/06/08 1:18 p.m. | 5 views

CVE-2025-30989

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas allows SQL Injection. This issue affects Libro de Reclamaciones y Quejas: from n/a through = 0.9...

CVSS 7.6 | AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 1

Source: CNNVD
added 2025/06/06 12:0 a.m. | 2 views

WordPress plugin Konami Easter Egg cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 7.1 | AI score 6.7 | EPSS 0.00116
Exploits: 0 | References: 1

Source: Cvelist
added 2025/05/30 7:43 p.m. | 26 views

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXML_DTDLOAD flag without additional filtration leads to XXE. Version 0.3.0 fixes the vulnerability...

CVSS 8.7 | EPSS 0.00417
Exploits: 0 | References: 2

Source: RedhatCVE
added 2025/05/23 8:41 a.m. | 5 views

CVE-2024-46362

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createdirectory...

CVSS 8.8 | AI score 7.6 | EPSS 0.00304
Exploits: 1 | References: 1

Source: RedhatCVE
added 2025/05/23 8:20 a.m. | 13 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 5.7 | AI score 5.7 | EPSS 0.00315
Exploits: 1 | References: 1

Source: RedhatCVE
added 2025/05/23 1:18 a.m. | 8 views

CVE-2022-30012

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection...

CVSS 7.5 | AI score 7.9 | EPSS 0.01676
Exploits: 1 | References: 1

Source: RedhatCVE
added 2025/05/22 11:40 p.m. | 6 views

CVE-2022-40810

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

CVSS 9.8 | AI score 9.4 | EPSS 0.01005
Exploits: 0 | References: 1

Source: RedhatCVE
added 2025/05/22 10:45 p.m. | 8 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 6.5 | AI score 6.9 | EPSS 0.00793
Exploits: 0 | References: 1

Source: RedhatCVE
added 2025/05/22 7:58 p.m. | 5 views

CVE-2021-36434

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via the jojsoncheck function in jocms/apps/mask/inc/getmask.php...

CVSS 9.1 | AI score 8.1 | EPSS 0.00864
Exploits: 1

Source: RedhatCVE
added 2025/05/22 8:34 a.m. | 8 views

CVE-2019-17493

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...

CVSS 6.1 | AI score 5.9 | EPSS 0.01068
Exploits: 1 | References: 1

Source: RedhatCVE
added 2025/05/22 8:22 a.m. | 5 views

CVE-2019-17489

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problemtitle parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create...

CVSS 6.1 | AI score 5.9 | EPSS 0.01058
Exploits: 1 | References: 1

Source: RedhatCVE
added 2025/05/22 12:38 a.m. | 5 views

CVE-2011-3731

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107plugins/pdf/e107pdf.php and certain other files...

CVSS 5 | AI score 6.5 | EPSS 0.01335
Exploits: 1 | References: 1