Lucene search
K

12 matches found

OSV
OSV
added 2026/07/07 3:5 a.m.4 views

CVE-2026-34168 Coolify: Command injection via unsanitized persistent storage name in docker volume commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks 1 that can be reduced to the following commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the...

7.1CVSS6.3AI score0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/07 1:21 a.m.4 views

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/27 9:1 p.m.23 views

CVE-2026-28352 Indico missing access check in event series management API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

6.5CVSS0.00264EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 1:32 p.m.18 views

CVE-2025-13468

Summary (CVE-2025-13468): In SourceCodester Alumni Management System 1.0, the Delete Handler component (admin/admin_class.php) is affected. The vulnerability arises from manipulating the argument ID in functions delete_forum, delete_career, delete_comment, delete_gallery, and delete_event, which ...

8.1CVSS5.5AI score0.00337EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/12/09 7:15 p.m.6 views

CVE-2024-54931

A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...

9.8CVSS6.1AI score0.00583EPSS
Exploits1References1
Prion
Prion
added 2015/05/21 8:59 p.m.14 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via a request to auth/process.php, 2 delete an administrator via a request to...

6.8CVSS7.8AI score0.02284EPSS
Exploits6References5Affected Software1
exploitpack
exploitpack
added 2012/04/03 12:0 a.m.37 views

Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin Add Event)

Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery Add Admin Add Event +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple PHP Agenda = 2.2.8 CSRF Add Admin - Add Event Date : 29-03-2012 Author...

6.8CVSS6.8AI score0.02284EPSS
Exploits6
Packet Storm
Packet Storm
added 2012/03/30 12:0 a.m.36 views

Simple PHP Agenda 2.2.8 Cross Site Request Forgery

+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...

6.8CVSS0.2AI score0.02284EPSS
Exploits6
UbuntuCve
UbuntuCve
added 2010/02/12 10:30 p.m.39 views

CVE-2010-0637

Multiple cross-site request forgery CSRF vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that 1 delete an event or 2 ban an IP address from posting via unknown vectors. NOTE: some of these...

6.8CVSS5.9AI score0.00599EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/07/10 10:0 p.m.23 views

CVE-2006-3494

Multiple cross-site scripting XSS vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the 1 catid parameter to a viewclassifieds.php; 2 id parameter in b viewad.php; 3 eventid parameter in c viewevent.php, d deleteevent.php, and e editevent.php;...

5.9AI score0.03396EPSS
Exploits1References20
securityvulns
securityvulns
added 2006/07/02 12:0 a.m.47 views

Buddy Zone Version 1.0.1 - XSS

Buddy Zone Version 1.0.1 Homepage: http://www.vastal.com/buddy-zone-social-networking-script.html Affected files: Sending invitations Profiles Blogs Journals Posting comments Posting in the forum Sending mail Creating a group viewsubforum.php viewpost.php viewclassifieds.php viewad.php...

6.1AI score
Exploits0
Rows per page
Query Builder