82324 matches found
ExploitReaper
Exploit Reaper...
The Baby Steps of the European Union Vulnerability Database: An Empirical Inquiry
A new European Union Vulnerability Database (EUVD) was introduced via a legislative act in 2022. The paper examines empirically the meta-data content of the new EUVD. According to the results, actively exploited vulnerabilities archived to the EUVD have been rather severe, having had also high...
ArangoDB Community Edition Cross-Site Scripting Vulnerability
ArangoDB Community Edition is a native multi-model database provided by the American company ArangoDB. Version 3.4.2-1 of ArangoDB Community Edition contains cross-site scripting vulnerabilities. These vulnerabilities stem from multiple cross-site scripting vulnerabilities in the search, user...
Debian dsa-6136 : python-django-doc - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6136 advisory. Debian Security Advisory DSA-6136-1 [email protected] https://www.debian.org/securit...
CVE-2026-2024
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin Mail Mint SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-8091
@VulmonFeeds 🚨 CVE-2025-27573 has been marked as Rejected in the official CVE List. This means it does not qualify as a valid vulnerability entry, though it remains stored in the NVD database without appearing in default search results. CVE CyberSecurity...
PT-2026-8099
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2. This is due to insufficient escaping on the user supplied 'order-by',...
CVE-2026-26218
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...
Xerte Online Toolkits Arbitrary File Upload - Upload Image
This module exploits the user template file import function's unrestricted file upload in versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is "Db". OPSEC - if the user is logged...
CLSA-2026-1771005847 Update of alt-php
Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 - CosmicSting XXE Exploit...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary: IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
SUSE CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...
IBM DB2 DoS (7259963) (Windows)
According to its self-reported version number, IBM Db2 is affected by a denial of service vulnerability: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data quer...
📄 Oracle Database Server 9.2.0.5 SQL Injection
Oracle Database Server version 9.2.0.5 proof of concept remote SQL injection exploit that leverages SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION and makes use of an older vulnerability from 2005...
CVE-2019-25342
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...
CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...
CVE-2019-25342
CVE-2019-25342 affects Centova Cast 3.2.12. The vulnerability is a denial-of-service in which repeatedly calling the database export API endpoint (via /api.php) with crafted parameters and multiple concurrent requests can drive the system to 100% CPU. Metrics indicate high impact to availability ...