Lucene search
+L

48 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/15 11:25 p.m.4 views

CVE-2021-47782

Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate...

8.2CVSS5.9AI score0.00411EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.10 views

PT-2026-1843

Name of the Vulnerable Software and Affected Versions affected versions not specified Description This issue enables unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. The attack is performed via the GET request parameters. T...

7.5CVSS7.4AI score0.00372EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.12 views

PT-2025-49345

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2021-28347

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.05881EPSS
Exploits4References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-29973

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00424EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.13 views

PT-2025-40025

Name of the Vulnerable Software and Affected Versions MegaSys Telenium Online Web Application affected versions not specified Description The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP...

9.8CVSS8.6AI score0.01161EPSS
Exploits0References13
NVD
NVD
added 2025/09/10 2:15 p.m.20 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

8.8CVSS0.0123EPSS
Exploits0References2
OSV
OSV
added 2025/08/22 4:49 p.m.34 views

GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability

Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. Details When a user logs into the administrative backend, this interface can read any files on the host/sever given the...

6.1CVSS6.8AI score0.00434EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/22 3:18 p.m.14 views

CVE-2025-53363 Dpanel has an arbitrary file read vulnerability

dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...

6.1CVSS0.00434EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/25 2:45 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...

6.9CVSS6.8AI score0.00602EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.7 views

ChestnutCMS 代码问题漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A code issue vulnerability exists in ChestnutCMS 15.1 and earlier versions, which stems from a deserialization issue in API endpoint files...

8.8CVSS6.7AI score0.00409EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:26 p.m.8 views

CVE-2022-40928

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leavesystem/classes/Master.php?f=deleteapplication...

7.2CVSS7.6AI score0.0083EPSS
Exploits1References1
OSV
OSV
added 2025/04/01 3:6 p.m.10 views

CVE-2025-31132 Raven allows Remote Code Execution due to improper validation

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

8.1CVSS7.4AI score0.00566EPSS
Exploits0References3
NVD
NVD
added 2025/03/11 1:15 a.m.9 views

CVE-2025-25245

SAP BusinessObjects Business Intelligence Platform Web Intelligence contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a...

6.1CVSS0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/11 12:34 a.m.7 views

CVE-2025-25245 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform Web Intelligence contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a...

5.4CVSS7AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2025/03/11 12:34 a.m.58 views

CVE-2025-25245

CVE-2025-25245 affects SAP BusinessObjects BI Platform (Web Intelligence). A deprecated web application endpoint that is not properly secured allows injection of a malicious URL via data returned to the user, enabling cross-site scripting within the victim’s browser. Impacts are limited to confid...

6.1CVSS7AI score0.00217EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.11 views

PT-2025-4043 · Unknown · Pankajindevops

Name of the Vulnerable Software and Affected Versions: pankajindevops affected versions not specified Description: A problematic issue has been detected in pankajindevops, affecting an unknown part of the API Endpoint component. This issue leads to improper access controls and can be initiated...

6.5CVSS6.9AI score0.00306EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2025/01/22 5:15 p.m.3 views

CVE-2025-20156

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

9.9CVSS7.4AI score0.01159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/02 12:0 a.m.8 views

PT-2024-34604 · Unknown · Linux Server Heimdall

Name of the Vulnerable Software and Affected Versions: Linux Server Heimdall version 2.6.1 Description: An issue in Linux Server Heimdall allows a remote attacker to execute arbitrary code via a crafted script to the "Add new application" endpoint. Recommendations: For Linux Server Heimdall versi...

9.8CVSS8.2AI score0.00924EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.4 views

PT-2024-32401 · Unknown · Apex Softcell Ld Geo

Name of the Vulnerable Software and Affected Versions: Apex Softcell LD Geo affected versions not specified Description: The issue exists due to improper validation of certain parameters Client ID, DPID, or BOID in the API endpoint. An authenticated remote attacker could exploit this by...

8.7CVSS6.7AI score0.00436EPSS
Exploits0References8
Rows per page
Query Builder