Lucene search
K

688 matches found

CVE
CVE
added 2025/10/03 12:0 a.m.11 views

CVE-2025-57423

CVE-2025-57423 concerns MyClub 0.5. A SQL injection vulnerability exists in the /articles API endpoint, where insufficient input sanitisation affects the query parameters Content , GroupName , PersonName , lastUpdate , pool , and title . An unauthenticated remote attacker can craft a GET request ...

6.5CVSS7.5AI score0.00425EPSS
Exploits0References4
OSV
OSV
added 2025/10/03 12:0 a.m.7 views

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...

6.5CVSS8AI score0.00425EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/30 10:36 p.m.1 views

CVE-2025-43826

Stored cross-site scripting XSS vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote...

4.8CVSS5.3AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/30 10:36 p.m.13 views

CVE-2025-43826

Stored cross-site scripting XSS vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote...

4.8CVSS0.00205EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/25 5:30 a.m.6 views

Improper Access Control

contao/contao is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission validation in certain conditions, which allows an attacker to edit fields of pages and articles without the necessary permissions...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2025/09/17 6:52 p.m.7 views

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2CVSS0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/17 6:52 p.m.1 views

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2CVSS6.4AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2025/09/17 6:52 p.m.3 views

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2CVSS6.8AI score0.00268EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.5 views

PT-2025-38255

Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions prior to 1.2 Description: The Scratch Channel is a news website where a user with fork privileges can modify administrators and create articles via a POST request to the API. Recommendations: Update to version 1.2...

7.2CVSS6.4AI score0.00268EPSS
Exploits0References3
NVD
NVD
added 2025/08/28 5:15 p.m.5 views

CVE-2025-57759

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...

4.3CVSS0.00225EPSS
Exploits0References3
OSV
OSV
added 2025/08/28 4:32 p.m.25 views

CVE-2025-57759 Contao has improper privilege management for page and article fields

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...

4.3CVSS6.4AI score0.00225EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/08/27 4:36 p.m.202 views

graph-rag-poc

Graph RAG Pipeline - Proof of Concept A locally-executable Gr...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-10198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal...

4.3CVSS5AI score0.00954EPSS
Exploits0References2
NVD
NVD
added 2025/08/25 10:15 p.m.6 views

CVE-2025-57805

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

8.7CVSS0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/25 9:15 p.m.10 views

CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

8.7CVSS0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/20 7:44 a.m.9 views

CVE-2025-26855

A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands...

9.8CVSS8.8AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/20 7:44 a.m.8 views

CVE-2025-26854

A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands...

9.8CVSS8.8AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2025/07/18 8:15 a.m.5 views

CVE-2025-26855

A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands...

9.8CVSS0.00385EPSS
Exploits0References1
NVD
NVD
added 2025/07/18 8:15 a.m.9 views

CVE-2025-26854

A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands...

9.8CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/18 7:38 a.m.4 views

CVE-2025-26855 Extension - joomcar.net - SQL injection in Articles Calendar 1.0.0 - 1.0.1.0007 for Joomla

A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands...

8.7AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder