Lucene search
K

41 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-16748

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32948

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00513EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 p.m.15 views

CVE-2021-39599

Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...

6.1CVSS6.3AI score0.00641EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 p.m.11 views

CVE-2020-35597

Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...

8.8CVSS8AI score0.01442EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 a.m.6 views

CVE-2019-14792

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectanglename or rectangleopacity parameter...

5.4CVSS6AI score0.01063EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:25 a.m.8 views

CVE-2011-5300

Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...

6.8CVSS7.5AI score0.00609EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.13 views

CVE-2019-14785

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php=1 cpcontactformppid parameter...

5.4CVSS6.2AI score0.00797EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

Telesquare TLR-2005Ksh 安全漏洞

The Telesquare TLR-2005Ksh is a wireless router from the South Korean company Telesquare. A security vulnerability exists in Telesquare TLR-2005Ksh version 1.1.4, which originates from unauthorized command execution when requesting the admin.cgi parameter setAutorest...

9.8CVSS7AI score0.00612EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-33051 · Unknown · School Erp Pro+Responsive

Name of the Vulnerable Software and Affected Versions: School ERP Pro+Responsive version 1.0 Description: The issue allows SQL injection through the "/SchoolERP/office admin/" index in parameters such as groups id, examname, classes id, es voucherid, es class, etc. This could enable a remote...

9.8CVSS7.4AI score0.00737EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/08/09 6:47 p.m.21 views

CVE-2020-17451

flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...

5AI score0.00611EPSS
Exploits1References2
CNVD
CNVD
added 2018/01/15 12:0 a.m.8 views

Piwigo cross-site scripting vulnerability (CNVD-2018-04285)

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site scripting vulnerability exists in Piwigo version 2.8.2. A remote attacker can exploit this vulnerability to...

6.1CVSS6.5AI score0.00683EPSS
Exploits3References1
OSV
OSV
added 2017/12/18 9:29 a.m.5 views

CVE-2017-17651

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter...

9.8CVSS5.8AI score0.0305EPSS
Exploits5References2
Cvelist
Cvelist
added 2017/11/27 9:0 p.m.22 views

CVE-2017-1251

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631...

4.4AI score0.00739EPSS
Exploits0References2
NVD
NVD
added 2017/02/01 8:59 p.m.19 views

CVE-2016-2987

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker...

4.3CVSS4.7AI score0.00773EPSS
Exploits0References2
CNVD
CNVD
added 2015/09/25 12:0 a.m.7 views

WordPress Google Analyticator plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Google Analyticator is one of the Google Analytics plug-ins. A cross-site scripting vulnerability exists in WordPre...

4.3CVSS6AI score0.02671EPSS
Exploits2References1
Cvelist
Cvelist
added 2015/01/29 3:0 p.m.26 views

CVE-2015-1422

Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...

5.8AI score0.04076EPSS
Exploits1References7
NVD
NVD
added 2015/01/01 11:59 a.m.18 views

CVE-2011-5300

Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...

6.8CVSS7.1AI score0.00609EPSS
Exploits1References1
Cvelist
Cvelist
added 2011/01/20 6:0 p.m.25 views

CVE-2011-0504

Multiple cross-site scripting XSS vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the 1 status parameter to admin/orders.php, 2 search parameter to admin/customers.php, or 3 STORENAME parameter to...

5.8AI score0.04006EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2010/01/06 12:0 a.m.4 views

PT-2010-1400 · Roseonline · Roseonlinecms

Name of the Vulnerable Software and Affected Versions: RoseOnlineCMS versions 3 B1 and earlier Description: The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter in the modules/admincp.php file when magic quotes gpc...

9.8CVSS9.4AI score0.05236EPSS
Exploits1References7
NVD
NVD
added 2004/12/31 5:0 a.m.13 views

CVE-2004-2023

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the 1 adminname or 2 adminpass parameters...

7.5CVSS8.2AI score0.01812EPSS
Exploits0References10
Rows per page
Query Builder