CVE-2026-41473
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...
EUVD-2025-203469
FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...
CVE-2025-59333
The mcp-database-server MCP Server 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not...
CVE-2025-59333
CVE-2025-59333 affects the MCP Server (mcp-database-server) 1.1.0 and earlier when distributed via the npm package @executeautomation/database-server. The root cause is inadequate enforcement of a read-only mode, enabling abuse against connected databases (e.g., PostgreSQL) and potentially other ...
PT-2023-16646 · Unknown · Sourcecodester Music Gallery Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Music Gallery Site version 1.0
Description: A critical issue has been found in the SourceCodester Music Gallery Site, affecting the Master.php file of the GET Request Handler component. Manipulation of the id argument leads...
YetiForceCrm Cross-Site Scripting Vulnerability
YetiForceCrm is an open-source CRM system from the Polish company YetiForce. YetiForceCrm suffers from a cross-site scripting vulnerability that is triggered when an administrator using the database information function can accidentally invoke and execute malicious code in two ways: 1 an insider...
Design flaws in the backend of the Zendo project management software from Qingdao Easoft Tianchuang Network Technology Co.
Zendo is free, open-source project management software. The backend of Zendo, developed by Qingdao Easoft Tianchuang Network Technology Co., Ltd., contains design-flaw vulnerabilities that allow attackers to use the backend SQL query function to write a webshell and gain server privileges...
IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection
The macro orderdspc.d2w in the remote IBM Net.Commerce 3.x is vulnerable to a SQL injection attack via the 'order_rn' option. An attacker may use it to abuse your database in many ways.