30 matches found
EUVD-2025-7728
Malicious code in bioql PyPI...
CVE-2025-27101
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...
CVE-2025-27792 Opal vulnerable to CSRF protection bypass
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
CVE-2025-27792
Opal CSRF protection bypass (CVE-2025-27792) affects Opal prior to v5.1.1. The issue arises because the referrer header can be dropped in CSRF requests (e.g., via ), bypassing server checks. A patch exists in version 5.1.1. Some sources indicate PoC exploitation is possible; CVSS details in the r...
CVE-2025-27792 Opal vulnerable to CSRF protection bypass
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
CVE-2025-27101
CVE-2025-27101 — Opal filesystem copy path traversal / access control issue: Opal (OBiBa) before version 5.1.1 exposes files from a user’s directory when copying any parent directory to a folder under /temp/. This flaw allows any user (including low-privilege DataShield users) to access files th...
Open redirect
Rejected reason: This is unused...
Sourcecodester Online Project Time Management System SQL Injection Vulnerability
Sourcecodester Online Project Time Management System is a web-based online project time management system that provides an online platform for a company's employees to report/record their assigned time or the time each project is resubmitted. Sourcecodester Online Project Time Management System i...
Hospital Managment System SQL Injection Vulnerability (CNVD-2022-22666)
Hospital Managment System (HMS) is a computer or web-based system that helps manage the operations of a hospital or any medical facility. Hospital Managment System is vulnerable to a SQL injection vulnerability that stems from a database-based application that lacks validation of externally entered...
Hospital Managment System SQL Injection Vulnerability
Hospital Managment System (HMS) is a computer or web-based system that helps manage the operations of a hospital or any healthcare facility. Hospital Managment System is vulnerable to a SQL injection vulnerability that stems from a database-based application that lacks validation of externally enter...
Information disclosure
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application...
Wordpress Slider by 10Web SQL Injection Vulnerability
WordPress Slider by 10Web is an open source application plugin for WordPress. It provides a versatile solution for adding a fast-loading, responsive and SEO-friendly slider to website pages, posts, theme headers or any other location. Slider by 10Web WordPress plugin versions prior to 1.2.36 suffers...
Dairy Farm Shop Management System SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. A SQL injection vulnerability exists in Dairy Farm Shop Management System version 1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in a database-based application. ...
efiction 1.0/1.1/2.0 titles.php let Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...
Thwboard Beta 2.8 v_profile.php user Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of...
efiction 1.0/1.1/2.0 titles.php let Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...
efiction 1.0/1.1/2.0 viewuser.php uid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...
Thwboard Beta 2.8 misc.php userid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of...
Thwboard Beta 2.8 calendar.php year Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of...
efiction 1.0/1.1/2.0 viewstory.php sid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...