Lucene search
+L

34 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/05/01 6:31 p.m.9 views

GHSA-Q57J-RWWX-7RWP MixPHP Framework has an SQL injection vulnerability via crafted `data` array

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.4 views

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

5.8AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.14 views

PT-2026-36489

Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists where the session and cache handlers utilize the unserialize function on data retrieved from Redis within the RedisHandler object. Recommendations ...

9.8CVSS5.8AI score0.0038EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.7 views

CVE-2026-32276

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.8CVSS6.2AI score0.00463EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/23 9:28 p.m.1 views

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/23 8:36 p.m.8 views

Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

Security Advisory — Page Management Plugin SSRF Summary A Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the...

6.8CVSS5.8AI score0.00347EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 3:46 a.m.2 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 12:30 a.m.19 views

CVE-2026-1194

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

7.5CVSS5.3AI score0.00685EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/19 11:32 p.m.4 views

CVE-2026-1194 MineAdmin Swagger information disclosure

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

6.9CVSS5.1AI score0.00685EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/19 11:2 p.m.4 views

CVE-2026-1193 MineAdmin View view improper authorization

A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...

6.5CVSS5.1AI score0.0032EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.10 views

PT-2025-54234

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description The software includes hardcoded credentials within its server binaries, which cannot be altered through standard device procedures. This allows attackers to gain unauthorized...

9.3CVSS6.6AI score0.00512EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0850

Malware in sbrugna...

4CVSS6.4AI score0.01488EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the...

7.5CVSS6.7AI score0.00987EPSS
Exploits0References2
OSV
OSV
added 2023/11/06 8:57 a.m.25 views

BIT-NGINX-INGRESS-CONTROLLER-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/02 1:44 a.m.29 views

CVE-2023-0228 Improper authentication vulnerability in S+ Operations

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2...

8.8CVSS8.9AI score0.00347EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.7 views

SUSE CVE-2015-2908

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...

9CVSS7.9AI score0.01783EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.12 views

PT-2022-26153 · Grails · Grails Spring Security Core Plugin

Name of the Vulnerable Software and Affected Versions: Grails Spring Security Core plugin versions 1.x Grails Spring Security Core plugin versions 2.x Grails Spring Security Core plugin versions 3.0.0 through 3.3.1 Grails Spring Security Core plugin versions 4.0.0 through 4.0.4 Grails Spring...

9.8CVSS9.5AI score0.01693EPSS
Exploits0References9
OSV
OSV
added 2022/08/04 6:15 p.m.6 views

CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS5.8AI score0.00658EPSS
Exploits0References1
OSV
OSV
added 2022/05/13 1:12 a.m.20 views

GHSA-89F3-74M6-G27G Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module

Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

3.5CVSS7.6AI score0.01457EPSS
Exploits0References11
Rows per page
Query Builder