Lucene search
K

398 matches found

Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37051

Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9 Description: A critical issue exists in HuangDou UTCMS version 9 related to SQL injection. The vulnerability affects the RunSql function within the app/modules/ut-data/admin/mysql.php file. Manipulation of the sql...

8.8CVSS7.3AI score0.00288EPSS
Exploits0References5
NVD
NVD
added 2025/09/09 8:15 p.m.28 views

CVE-2025-58761

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The realpmsimageproxy endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The realpmsimageproxy i...

8.6CVSS0.00633EPSS
Exploits1References2
OSV
OSV
added 2025/09/09 3:15 a.m.7 views

CVE-2025-10122

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

7.2CVSS5.7AI score0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36564

Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...

5.8CVSS5.3AI score0.003EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.6 views

maccms10 SQL注入漏洞

maccms10 is magicblack open source PHP+MYSQL environment to run a set of perfect and powerful rapid site-building system. maccms10 2025.1000.4050 version of the SQL injection vulnerabilities exist in the file application/admin/controller/Database. maccms10 2025.1000.4050 version of the SQL...

7.2CVSS5.8AI score0.003EPSS
Exploits0References4
ICS
ICS
added 2025/09/09 12:0 a.m.5 views

Siemens Apogee PXC and Talon TC Devices

SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a...

6.3CVSS6.7AI score0.00256EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.5 views

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

9.8CVSS8.7AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.3 views

Secure LogIn and SignUp API in PHP 安全漏洞

Secure LogIn and SignUp API in PHP is a security interface software by Vishnu Sivadas Individual Developer. A security vulnerability exists in Secure LogIn and SignUp API in PHP, which stems from an insecure SQL query construct in DataBase.php that could lead to SQL injection...

9.8CVSS7.4AI score0.00381EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.8 views

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

0.00381EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.2 views

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

8.6AI score0.00381EPSS
Exploits0References1
CVE
CVE
added 2025/08/22 12:0 a.m.22 views

CVE-2025-51092

The CVE-2025-51092 entry concerns the LogIn-SignUp project by VishnuSivadasVS. The underlying issue is SQL Injection due to unsafe SQL query construction in DataBase.php: logIn() and signUp() concatenate user input and unvalidated table names instead of using prepared statements. Although a prepa...

9.8CVSS8.3AI score0.00381EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-47927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data...

5.5CVSS5.2AI score0.00269EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.6 views

PMTicket Project-Management-Software 注入漏洞

PMTicket Project-Management-Software is an agile project management and issue tracking system from PMTicket open source. An injection vulnerability exists in pmTicket Project-Management-Software, which stems from SQL injection due to incorrect manipulation of the parameter userid of the function...

7.5CVSS7.8AI score0.00376EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.10 views

CVE-2024-45894

BlueCMS 1.6 suffers from Arbitrary File Deletion via the filename parameter in an /admin/database.php?act=del request...

4.9CVSS7AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:14 a.m.7 views

CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS6AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:56 a.m.10 views

CVE-2011-5280

Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service crash via a long trickle-up to 1 client/cstrickle.cpp or 2 db/dbbase.cpp...

5CVSS7.1AI score0.02732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:45 p.m.7 views

CVE-2008-5925

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...

5CVSS6.7AI score0.0117EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.11 views

CVE-2024-10513 Path Traversal in mintplex-labs/anything-llm

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the...

7.2CVSS7AI score0.00826EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12043 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.2.2 Description: A path traversal vulnerability exists in the 'document uploads manager' feature, allowing users with the 'manager' role to access and manipulate the 'anythingllm.db' database fil...

7.2CVSS6.9AI score0.00826EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.4 views

lmxcms 注入漏洞

lmxcms dream cms is a website builder from China Dream Cms lmxcms company. An injection vulnerability exists in lmxcms version 1.41, which originates from the file db.inc.php of the component Maintenance that can lead to code injection...

6.6CVSS5.3AI score0.00496EPSS
Exploits1References4
Rows per page
Query Builder