Lucene search
K

956 matches found

attackerkb
attackerkb
added 2026/03/27 4:30 p.m.6 views

CVE-2026-33867

WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...

9.1CVSS5.9AI score0.00152EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/03/26 6:16 p.m.5 views

GHSA-363V-5RH8-23WG AVideo has Plaintext Video Password Storage

Summary AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to the database via SQL injection, a database backup, or misconfigured access...

9.1CVSS6AI score0.00152EPSS
Exploits1References4
github
github
added 2026/03/26 6:16 p.m.10 views

AVideo has Plaintext Video Password Storage

Summary AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to the database via SQL injection, a database backup, or misconfigured access...

9.1CVSS5.9AI score0.00152EPSS
Exploits1References4Affected Software1
snyk
snyk
added 2026/03/26 6:16 p.m.13 views

Cleartext Storage of Sensitive Information

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the storage of video access passwords in plaintext within the database. An attacker can obtain sensitive...

9.1CVSS5.9AI score0.00152EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/03/26 3:14 p.m.7 views

CVE-2025-52637

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS6AI score0.00225EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 2:59 p.m.4 views

CVE-2026-28430

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.8CVSS6.1AI score0.00329EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/26 1:7 p.m.2 views

CVE-2025-55262 HCL Aftermarket DPC is affected by SQL Injection

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database...

8.3CVSS5.8AI score0.00271EPSS
Exploits0References1
euvd
euvd
added 2026/03/24 12:30 p.m.6 views

EUVD-2019-20020

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

8.8CVSS6AI score0.00334EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.14 views

PT-2026-27301

Name of the Vulnerable Software and Affected Versions LearnDash LMS plugin for WordPress versions prior to 5.0.4 Description The software is susceptible to a blind time-based SQL injection through the filtersorderby order parameter within the 'learndash propanel template' AJAX action. This is a...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/03/23 2:14 p.m.5 views

CVE-2026-33485

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations —...

7.5CVSS5.8AI score0.00468EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/03/21 6:31 p.m.6 views

EUVD-2019-19899

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8CVSS6.2AI score0.00338EPSS
Exploits1References5
github
github
added 2026/03/20 8:47 p.m.5 views

AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter

Summary The RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations — LiveTransmitionHistory::getLatest and LiveTransmition::keyExists — without parameterized binding...

7.5CVSS6AI score0.00468EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.17 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities; these vulnerabilities st...

8CVSS5.9AI score0.00279EPSS
Exploits1References2
euvd
euvd
added 2026/03/16 3:30 p.m.4 views

EUVD-2025-208741

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS6AI score0.00147EPSS
Exploits0References2
euvd
euvd
added 2026/03/16 3:30 p.m.6 views

EUVD-2025-208720

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS6AI score0.00225EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/16 2:42 p.m.3 views

CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS6AI score0.00147EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/16 2:42 p.m.25 views

CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS0.00147EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/16 12:27 p.m.24 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS0.00225EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/16 12:27 p.m.3 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS6AI score0.00225EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/16 12:0 a.m.9 views

PT-2026-25797

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom dates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.8CVSS6.1AI score0.00329EPSS
Exploits0References7
Rows per page
Query Builder