Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-12643

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/01 4:18 p.m.21 views

CVE-2025-40616

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

5.1CVSS5.9AI score0.00194EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/01 4:12 p.m.21 views

CVE-2025-40618

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

9.3CVSS7.9AI score0.00331EPSS
Exploits0References3
NVD
NVD
added 2025/04/29 4:15 p.m.13 views

CVE-2025-40616

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

6.1CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 2025/04/29 4:15 p.m.20 views

CVE-2025-40618

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

9.8CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/29 3:45 p.m.13 views

CVE-2025-40619 Improper access control vulnerability in Bookgy

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles...

9.3CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/04/29 3:43 p.m.57 views

CVE-2025-40618

The CVE-2025-40618 entry describes an SQL injection in Bookgy, exploitable via the IDRESERVA parameter in /bkg_imprimir_comprobante.php. Affected component: Bookgy web API endpoint; root cause: improper input handling allowing arbitrary SQL access. Implications shown in metrics: high impact on co...

9.8CVSS7.4AI score0.00331EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/29 3:42 p.m.18 views

CVE-2025-40617 SQL injection vulnerability in Bookgy

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...

9.3CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2025/04/29 3:40 p.m.54 views

CVE-2025-40616

Bookgy’s CVE-2025-40616 is a reflected XSS in the IDRESERVA parameter of /bkg_imprimir_comprobante.php. The vulnerability arises from unsanitized input reflected in the response, allowing an attacker to execute JavaScript in the victim’s browser. Connected sources confirm the issue but do not spe...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/29 3:40 p.m.13 views

CVE-2025-40616 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

5.1CVSS0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/29 3:40 p.m.19 views

CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...

5.1CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2025/04/29 3:40 p.m.55 views

CVE-2025-40615

CVE-2025-40615 concerns Bookgy, a booking system where a reflected Cross-Site Scripting (XSS) vulnerability exists in the /api/api_ajustes.php endpoint via the TEXTO parameter. The underlying issue is a reflected XSS flaw that can cause a user’s browser to execute attacker-supplied JavaScript whe...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/29 3:40 p.m.9 views

CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...

5.1CVSS5.6AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.6 views

PT-2025-18176 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is a SQL injection vulnerability that could allow an attacker to retrieve, create, update, and delete databases by sending an HTTP request through the IDRESERVA parameter in the...

9.3CVSS6.9AI score0.00331EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.7 views

PT-2025-18177 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a lack of proper authorization control in multiple areas of the Bookgy application. This deficiency could allow a malicious actor, without authentication, to reach...

9.3CVSS6AI score0.00344EPSS
Exploits0References9
Rows per page
Query Builder