Lucene search
K

1762 matches found

EUVD
EUVD
added 2026/03/26 12:30 p.m.5 views

EUVD-2018-21675

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

8.8CVSS6.2AI score0.00337EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/23 6:14 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...

9CVSS6.5AI score0.00549EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/03/20 4:8 p.m.7 views

CVE-2026-22732

A flaw was found in Spring Security. When applications using Spring Security specify HTTP response headers for servlet applications, these headers may not be written. This can lead to a bypass of security policies or information disclosure, potentially allowing an attacker to gain unauthorized...

9.1CVSS5.6AI score0.0048EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/03/12 3:37 p.m.28 views

CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS0.00359EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24834

CVE-2026-2368 An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute… https://t.co/M7UelXEVSF...

7.5CVSS5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 6:31 p.m.8 views

EUVD-2026-10508

Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...

4.6CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 12:0 a.m.31 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/03/09 12:0 a.m.9 views

CVE-2025-70033

CVE-2025-70033 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-79: Improper Neutralization of Input During Web Page Generation in Sunbird-Ed’s portal. CVSSv3.1 base: 5.4 (MEDIUM) with Network attack vector, Low confidentiality and integrity impact, no availability impact; user inter...

5.4CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/05 5:54 a.m.9 views

CVE-2026-27996

CVE-2026-27996 (WordPress Lingvico theme <= 1.0.14) is a Local File Inclusion (LFI) vulnerability caused by improper control of include/require filenames in PHP. Affected software is ThemeREX Lingvico Lingvico (WordPress theme) versions up to and including 1.0.14. The NVD entry and Red Hat/CVE...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:54 a.m.9 views

CVE-2026-27988

CVE-2026-27988 describes an unauthenticated Local File Inclusion in the WordPress ThemeREX Equadio theme (Equadio) <= 1.1.3, caused by improper control of the filename used in Include/Require. The vulnerability could allow an attacker to access local files on the server. Public sources in the ...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-22825

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

5.8CVSS5.8AI score0.00318EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/02 12:0 a.m.4 views

CVE-2026-26702

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitemreuse.php...

9.8CVSS6AI score0.00553EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 7:28 p.m.4 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3CVSS5.4AI score0.00327EPSS
Exploits1References5
NVD
NVD
added 2026/02/19 4:27 p.m.6 views

CVE-2025-71248

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.3 views

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

5.8AI score0.01649EPSS
Exploits2References1
CVE
CVE
added 2026/02/16 5:5 p.m.44 views

CVE-2019-25390

CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/11 2:56 p.m.12 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/09 8:11 a.m.10 views

CVE-2025-7799

CVE-2025-7799 describes a Reflected XSS vulnerability in Zirve Information Technologies Inc.’s E-Taxpayer Accounting Website (through 07082025). The issue stems from improper input neutralization during web page generation, enabling attacker-supplied input to be reflected back to the user in the ...

8.6CVSS5.4AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2026/02/08 12:16 a.m.6 views

CVE-2026-2116

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

9.8CVSS0.00381EPSS
Exploits1References5
Rows per page
Query Builder