19 matches found
CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
EUVD-2019-19727
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Summary: CVE-2019-25501 affects the Simple Job Script web application. The vulnerability resides in the server-side code handling the app_id parameter in the delete_application_ajax.php endpoint, enabling SQL injection to manipulate database queries. Public references indicate attackers can craft...
CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2025-66472 XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
Impact A reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the "No" button. When the victim has admin or programming right, this allows the attacker to...
GHSA-7VPR-JM38-WR7W XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
Impact A reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the "No" button. When the victim has admin or programming right, this allows the attacker to...
CVE-2025-5317
An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac BEST before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...
CVE-2025-7134
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=deleteapplication. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. T...
CVE-2022-40928
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leavesystem/classes/Master.php?f=deleteapplication...
CVE-2023-34463 Unauthorized users can delete applications in DataEase
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform version 6.2-milestone-1 and earlier, which stems from a vulnerability that allows an attacker to spoof a URL to inject...
GHSA-4XM7-5Q79-3FCH XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Impact Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...
CVE-2022-30413
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=deleteapplication...
CVE-2022-30413
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=deleteapplication...