Lucene search
K

139 matches found

Nuclei
Nuclei
added yesterday49 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.4AI score0.01937EPSS
Exploits1References4
CVE
CVE
added 6 days ago15 views

CVE-2026-14482

The CVE-2026-14482 entry covers the WordPress plugin “多说社会化评论框” (

8.8CVSS6AI score0.00318EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-14482 多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation via api.php 'option'/'value' Parameters

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an...

8.8CVSS0.00318EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 4:16 p.m.4 views

UBUNTU-CVE-2026-58028

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

5.4CVSS6.1AI score0.00267EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.8 views

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

9.8CVSS7AI score0.0066EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-1836

Malware in sbrugna...

7.5CVSS7.4AI score0.02515EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6822

Malware in sbrugna...

7.5CVSS7.6AI score0.01303EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-11165

Malware in sbrugna...

9.8CVSS5.9AI score0.00628EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20707

Malware in sbrugna...

6.1CVSS6.3AI score0.01052EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8202

Malware in sbrugna...

9.8CVSS9.2AI score0.01838EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-12584

Malware in sbrugna...

6.1CVSS6.3AI score0.00614EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-19282

Malware in sbrugna...

9.8CVSS9.2AI score0.01145EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58880

Malicious code in bioql PyPI...

9.8CVSS6.1AI score0.00799EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-21555

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00924EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-30593

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00621EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/13 12:0 a.m.14 views

PT-2025-37390

Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth Salia PLCC version 2.2.0 Description: A security flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0 related to unrestricted upload. The issue affects processing of the file /api.php. Manipulation of the setrfidlist argume...

7.5CVSS7.3AI score0.00331EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/23 10:29 a.m.10 views

CVE-2024-41371

Organizr v1.90 is vulnerable to Cross Site Scripting XSS via api.php...

6.1CVSS6.1AI score0.00278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.6 views

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App Books App, PDF, ePub, Online Book Reading, Download Books 10 via the authorid parameter to api.php...

9.8CVSS8.1AI score0.01145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.22 views

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

9.8CVSS8AI score0.01089EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.7 views

CVE-2017-20168

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommende...

9.8CVSS7.5AI score0.00628EPSS
Exploits0References1
Rows per page
Query Builder