Lucene search
K

149 matches found

Vulnrichment
Vulnrichment
added 2026/03/23 12:59 p.m.3 views

CVE-2025-41008 SQL Injection in Sinturno

SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 3:27 a.m.30 views

CVE-2026-1648 Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curldata' REST API endpoint. This makes it possible for...

7.2CVSS0.00374EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.1 views

CVE-2026-1648

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curldata' REST API endpoint. This makes it possible for...

7.2CVSS6AI score0.00374EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.10 views

PT-2026-26719

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 1.6.3. This is due to the action function in the TemplateData class passing user-supplied input from the 'emailkit-editor-templat...

4.9CVSS5.9AI score0.00397EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.10 views

Amazon S3 for Craft CMS 信息泄露漏洞

Amazon S3 for Craft CMS is an open-source file storage integration plugin for Craft CMS. Versions of Amazon S3 for Craft CMS 2.2.4 and earlier have a vulnerability known as information leakage. This vulnerability stems from improper access control at the BucketsController-actionLoadBucketData...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 5:53 p.m.6 views

EUVD-2026-11647

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 5:53 p.m.6 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.8 views

PT-2026-25034

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/10 7:55 p.m.36 views

CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

8.7CVSS0.00436EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/06 3:4 p.m.30 views

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

5.3CVSS0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 3:4 p.m.2 views

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:4 p.m.5 views

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/06 3:4 p.m.14 views

CVE-2026-2752

CVE-2026-2752 affects Navtor NavBox via the /api/ais-data endpoint, where a remote unauthenticated attacker can trigger an unhandled exception, causing verbose .NET stack traces to be returned. This information disclosure exposes internal class names, methods, and third‑party library references (...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23716

Name of the Vulnerable Software and Affected Versions Navtor NavBox affected versions not specified Description A remote, unauthenticated attacker can send crafted requests to the /api/ais-data endpoint, triggering an unhandled exception. This causes the server to return verbose .NET stack traces...

5.3CVSS5.2AI score0.00261EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Navtor NavBox 安全漏洞

Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the API/ais-data endpoint not handling...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.10 views

CVE-2026-28424

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/03/01 1:30 a.m.3 views

GHSA-W878-F8C6-7R63 Statamic's missing authorization allows access to email addresses

Impact User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission. Patches This has been fixed in 5.73.11 and 6.4.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/01 1:30 a.m.8 views

Statamic's missing authorization allows access to email addresses

Impact User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission. Patches This has been fixed in 5.73.11 and 6.4.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/27 10:14 p.m.7 views

CVE-2026-28424 Statamic's missing authorization allows access to email addresses

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/27 6:31 p.m.4 views

EUVD-2019-19718

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS6AI score0.00315EPSS
Exploits1References4
Rows per page
Query Builder