Lucene search
K

87401 matches found

CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.0 contained a security vulnerability. This vulnerability stemmed from the lack of enforceable administrator role authorization for the...

8.8CVSS6.1AI score0.26409EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

Student-Management-System 代码注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the...

4.8CVSS5.7AI score0.00206EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30587

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.8 views

PT-2026-30713

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize settings nativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30628

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

5.4CVSS6AI score0.00254EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30714

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.8 views

PT-2026-30597

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin feature.php of the component Add Product Page. The manipulation of the argument product name results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS4.4AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/05 9:30 p.m.3 views

EUVD-2019-20099

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

5.3CVSS5.9AI score0.00132EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/05 9:30 p.m.3 views

EUVD-2019-20085

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

8.8CVSS6AI score0.00529EPSS
Exploits1References4
NVD
NVD
added 2026/04/05 9:16 p.m.4 views

CVE-2019-25682

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

5.3CVSS0.00132EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:58 p.m.2 views

CVE-2019-25675

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

8.8CVSS6AI score0.00529EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/05 8:58 p.m.19 views

CVE-2019-25675 eDirectory All Versions SQL Injection Authentication Bypass

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

8.8CVSS0.00529EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/05 8:58 p.m.2 views

CVE-2019-25675 eDirectory All Versions SQL Injection Authentication Bypass

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

8.8CVSS6AI score0.00529EPSS
Exploits1References3
CVE
CVE
added 2026/04/05 8:58 p.m.8 views

CVE-2019-25675

CVE-2019-25675 concerns the eDirectory product, affecting all versions per title, with multiple SQL injection vulnerabilities. The root cause is unparameterized SQL in the login flow, allowing unauthenticated attackers to bypass administrator authentication by injecting SQL into the key parameter...

8.8CVSS6AI score0.00529EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/05 8:45 p.m.12 views

CVE-2019-25682

CMSsite 1.0 contains a cross-site request forgery (CSRF) vulnerability in users.php that allows authenticated administrators to be tricked into submitting POST requests (e.g., source=add_user, source=edit_user, or del=1) to create, modify, or delete admin accounts. The attack is network-based wit...

5.3CVSS5.9AI score0.00132EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25682

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

5.3CVSS5.9AI score0.00132EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25682 CMSsite 1.0 Cross-Site Request Forgery via users.php

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

5.3CVSS5.9AI score0.00132EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.21 views

CVE-2019-25682 CMSsite 1.0 Cross-Site Request Forgery via users.php

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

5.3CVSS0.00132EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/04/05 5:35 p.m.113 views

Exploit for CVE-2025-1738

CVE-2025-1738 - Trivision Camera NC227WF PoC...

7.1CVSS5.9AI score0.00287EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/04/05 4:58 p.m.6 views

CVE-2026-2936

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References1
Rows per page
Query Builder