Lucene search
K

328 matches found

Cvelist
Cvelist
added last week36 views

CVE-2026-13484 MLflow Experiment-scoped Label Schema CRUD API authorization

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...

5CVSS0.00263EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.9 views

CVE-2025-41029

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

9.3CVSS5.6AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2022-31114

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS5AI score0.00303EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/03 8:25 p.m.13 views

backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information...

5.1CVSS5.7AI score0.00303EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/03 8:25 p.m.8 views

GHSA-M8XX-3X29-84H8 backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References4
CVE
CVE
added 2026/06/03 2:41 p.m.14 views

CVE-2022-31114

The CVE-2022-31114 entry concerns backpack/crud, a Laravel-related package set. Affected versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could leverage this in targeted phishing to trick users or admins into clicking a malicious link, with potentia...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 2:41 p.m.6 views

CVE-2022-31114

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 2:41 p.m.9 views

CVE-2022-31114 backpack/crud Vulnerable to Cross-site Scripting

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 2:41 p.m.38 views

CVE-2022-31114 backpack/crud Vulnerable to Cross-site Scripting

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 2:41 p.m.9 views

EUVD-2022-55999

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.6 views

Backpack CRUD 跨站脚本漏洞

Backpack CRUD is an open-source management panel for Eloquent models developed by Backpack for Laravel. Versions prior to 5.0.13, 4.1.69, and 4.0.63 had cross-site scripting vulnerabilities. These vulnerabilities were due to susceptibility to cross-site scripting attacks, potentially allowing...

5.1CVSS5AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.11 views

PT-2026-45950

Name of the Vulnerable Software and Affected Versions backpack/crud versions prior to 5.0.13 backpack/crud versions prior to 4.1.69 backpack/crud versions prior to 4.0.63 Description Reflected Cross-Site Scripting XSS occurs because error views output the exception message without escaping it. An...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

WordPress plugin Games Catalog 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41209

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description All CRUD endpoints for the OpenAI Assistants Vector Store lack authentication middleware and permission checks. Specifically, the route path "/api/v1/openai-assistants-vector-store" is not included i...

8.8CVSS5.5AI score0.00327EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

8.1CVSS5.7AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 11:17 p.m.2 views

CVE-2026-5985

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 10:15 p.m.12 views

CVE-2026-5985

CVE-2026-5985 affects code-projects Simple IT Discussion Forum 1.0. The vulnerable component is the /crud.php file, where manipulation of the user_Id argument leads to SQL injection. The issue is exploitable remotely and exploit code is publicly available (proof-of-concept). Documents do not spec...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 10:15 p.m.23 views

CVE-2026-5985 code-projects Simple IT Discussion Forum crud.php sql injection

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 10:15 p.m.2 views

CVE-2026-5985

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 10:15 p.m.2 views

CVE-2026-5985 code-projects Simple IT Discussion Forum crud.php sql injection

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Rows per page
Query Builder