17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2011-1062

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.01246 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/09/10 7:18 p.m. | 7 views

CVE-2025-9114

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

9.8 CVSS | 5.9 AI score | 0.0037 EPSS
Exploits 0 | References 1

OSV
added 2025/08/25 6:15 p.m. | 4 views

CVE-2025-9412

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

9.8 CVSS | 7.2 AI score
Exploits 0 | References 6

OSV
added 2025/08/08 5:15 p.m. | 6 views

CVE-2025-50465

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...

8.8 CVSS | 7.2 AI score
Exploits 0 | References 3

Cvelist
added 2025/08/08 12:0 a.m. | 11 views

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

0.00278 EPSS
Exploits 1 | References 3

Cvelist
added 2025/08/08 12:0 a.m. | 25 views

CVE-2025-50465

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...

7.1 CVSS | 0.00296 EPSS
Exploits 0 | References 3

NVD
added 2025/05/30 6:15 a.m. | 16 views

CVE-2025-48881

Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...

8.3 CVSS | 0.00291 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/05/30 5:21 a.m. | 11 views

CVE-2025-48881 Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users

Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...

8.3 CVSS | 8.3 AI score | 0.00291 EPSS
Exploits 0 | References 2

NVD
added 2025/03/20 6:15 p.m. | 12 views

CVE-2025-29922

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6 CVSS | 0.00348 EPSS
Exploits 0 | References 3

OSV
added 2025/01/15 12:15 a.m. | 4 views

CVE-2024-57760

JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...

6.5 CVSS | 5.8 AI score | 0.00353 EPSS
Exploits 1 | References 1

CNNVD
added 2025/01/13 12:0 a.m. | 8 views

gymxmjpa security vulnerability

gymxmjpa is a gym management system by liujianview, an individual developer. A security vulnerability exists in gymxmjpa version 1.0, which originates in the src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java file, where the subname parameter in the SubjectDaoImpl function contain...

8.8 CVSS | 7 AI score | 0.00499 EPSS
Exploits 1 | References 5

CNNVD
added 2023/03/16 12:0 a.m. | 6 views

Pimcore SQL injection vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...

7.9 CVSS | 7.5 AI score | 0.00855 EPSS
Exploits 0 | References 4

OSV
added 2022/08/18 2:15 a.m. | 3 views

CVE-2022-35603

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...

9.8 CVSS | 6 AI score | 0.00716 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2022/08/18 2:15 a.m. | 8 views

CVE-2022-35605

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc...

9.8 CVSS | 7.7 AI score | 0.00716 EPSS
Exploits 0 | References 3

CNNVD
added 2022/08/18 12:0 a.m. | 6 views

InventoryManagementSystem SQL injection vulnerability

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...

9.8 CVSS | 9 AI score | 0.00758 EPSS
Exploits 0 | References 3

Check Point Advisories
added 2015/11/10 12:0 a.m. | 4 views

Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6071)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3 CVSS | 7.3 AI score | 0.21661 EPSS
Exploits 0

Check Point Advisories
added 2014/10/14 12:0 a.m. | 6 views

Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4137)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3 CVSS | 4.1 AI score | 0.22736 EPSS
Exploits 0