Lucene search
K

1190 matches found

CVE
CVE
added 2026/04/12 12:28 p.m.6 views

CVE-2019-25693

CVE-2019-25693 – ResourceSpace 8.6 SQL injection : An authenticated attacker can inject malicious SQL via the keywords parameter in collection_edit.php (also noted as collection edit.php in some sources), enabling execution of arbitrary queries and extraction of sensitive data such as schema info...

7.1CVSS6.2AI score0.00159EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25693 ResourceSpace 8.6 SQL Injection via collection_edit.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collectionedit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...

7.1CVSS6.2AI score0.00159EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.4 views

PT-2026-32085

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the save course content order private method, which is called unconditionally by...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/10 8:30 a.m.4 views

CVE-2026-33455

Livestatus injection in the monitoring quicksearch in Checkmk 2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 3:18 p.m.2 views

CVE-2026-35519 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...

8.8CVSS6.2AI score0.00537EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/07 12:0 a.m.4 views

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.4AI score0.96666EPSS
Exploits13References4
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30047

Name of the Vulnerable Software and Affected Versions Biztalk360 versions prior to 11.5 Description A flaw exists in Biztalk360 that allows an authenticated attacker to write files outside the intended destination directory and potentially bypass authentication. This is due to improper handling o...

8.3CVSS5.9AI score0.00655EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/02 3:31 p.m.8 views

EUVD-2026-18280

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.3 views

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

4.8CVSS6AI score0.0022EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 10:16 a.m.11 views

CVE-2026-4317

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

9.3CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 12:0 a.m.20 views

CVE-2026-30521

CVE-2026-30521 affects SourceCodester Loan Management System v1.0. The issue is a business logic vulnerability caused by missing server-side validation for the interest_rate field. Although the frontend blocks negative values, the backend does not, allowing an authenticated attacker to modify the...

6.5CVSS6AI score0.00313EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/30 5:16 p.m.4 views

CVE-2026-26352

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

5.4CVSS0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.6 views

PT-2026-29061

Name of the Vulnerable Software and Affected Versions Smoothwall Express versions prior to 3.1 Update 13 Description Smoothwall Express is affected by a stored cross-site scripting issue in the /cgi-bin/vpnmain.cgi script. The issue stems from insufficient input validation of the VPN IP parameter...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/28 9:49 p.m.310 views

Exploit for OS Command Injection in Hoverfly

CVE-2025-54123 Exploit Hoverfly Authenticated Middleware Comm...

9.8CVSS6.2AI score0.10543EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2026-30662

ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...

6.5CVSS5.8AI score0.00288EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.3 views

CVE-2026-24641

A NULL Pointer Dereference vulnerability CWE-476 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP...

6.5CVSS5.8AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 2:25 a.m.2 views

CVE-2026-4335

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

5.4CVSS6AI score0.00176EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/25 8:41 p.m.1 views

CVE-2026-1015 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:30 p.m.3 views

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

6.8CVSS6AI score0.0088EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/21 3:30 p.m.27 views

CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

7.1CVSS0.00342EPSS
Exploits1References4
Rows per page
Query Builder