CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

71 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-28278

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00566EPSS

Exploits1References1

OSV•added 2025/07/25 5:15 p.m.•1 views

CVE-2025-8162

A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument paramsdataScope leads to sql injection. The attack may be launched remotely. The...

8.8CVSS5.7AI score0.00223EPSS

Exploits1References4

OSV•added 2025/07/25 4:16 a.m.•1 views

CVE-2025-8127

A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument paramsdataScope leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

8.8CVSS5.7AI score

Exploits0References4

CNNVD•added 2025/07/25 12:0 a.m.•2 views

deer-wms-2 SQL注入漏洞

deer-wms-2 is a warehouse management system of China deerwms open source. A security vulnerability exists in deer-wms-2 3.3 and earlier versions, which originates from SQL injection due to incorrect manipulation of parameter paramsdataScope in file /system/user/export...

8.8CVSS6.8AI score0.00223EPSS

Exploits1References6

CNNVD•added 2025/07/25 12:0 a.m.•3 views

deer-wms-2 注入漏洞

deer-wms-2 is a warehouse management system in China deerwms open source . Deer-wms-2 3.3 and earlier versions exist injection vulnerability, the vulnerability stems from the file /system/role/list on the parameter params dataScope wrong operation leads to SQL injection...

8.8CVSS6.9AI score0.00223EPSS

Exploits1References6

CNNVD•added 2025/07/25 12:0 a.m.•2 views

deer-wms-2 SQL注入漏洞

deer-wms-2 is a warehouse management system in China deerwms open source. A security vulnerability exists in deer-wms-2 3.3 and earlier versions, which originates from SQL injection due to incorrect manipulation of paramsdataScope in the file /system/role/authUser/allocatedList...

9.8CVSS6.8AI score0.00223EPSS

Exploits1References6

RedhatCVE•added 2025/05/23 10:23 a.m.•4 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

9.8CVSS8.4AI score0.00053EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:23 a.m.•7 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

9.8CVSS8.4AI score0.00052EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:23 a.m.•6 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

9.8CVSS8.4AI score0.00052EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:1 a.m.•6 views

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

6.3CVSS8.7AI score0.01655EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:32 a.m.•8 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

9.8CVSS9.8AI score0.00052EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:21 a.m.•22 views

CVE-2023-24220

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...

9.8CVSS8.3AI score0.00566EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:21 a.m.•6 views

CVE-2023-24221

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...

9.8CVSS8.3AI score0.00566EPSS

Exploits1References1

OSV•added 2024/07/12 4:15 p.m.•1 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

9.8CVSS5.8AI score0.00052EPSS

Exploits1References1

NVD•added 2024/07/12 4:15 p.m.•16 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

9.8CVSS0.00052EPSS

Exploits1References1

NVD•added 2024/07/12 4:15 p.m.•18 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

9.8CVSS0.00052EPSS

Exploits1References1

OSV•added 2024/07/12 4:15 p.m.•1 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

9.8CVSS5.8AI score0.00052EPSS

Exploits1References1

Positive Technologies•added 2024/07/12 12:0 a.m.•3 views

PT-2024-28904 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...

9.8CVSS7.7AI score0.00052EPSS

Exploits1References4

Positive Technologies•added 2024/07/12 12:0 a.m.•2 views

PT-2024-28907 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/role?offset" API endpoint. Recommendations: For versions pri...

9.8CVSS7.7AI score0.00053EPSS

Exploits1References3