Lucene search
K

1563 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.8 views

CVE-2019-12941

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

10CVSS7.5AI score0.02377EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/02 7:40 a.m.176 views

OreaHax-Framework

OreaHax-Framework ╔════════════════════════════════════...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-25910

Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...

8.2CVSS6AI score0.00608EPSS
Exploits0References11
Veracode
Veracode
added 2025/12/13 7:43 a.m.10 views

SQL Injection

assyncmy is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted dictionary keys in SQL query construction, which allows an attacker to inject and execute arbitrary SQL commands...

9.8CVSS6.1AI score0.00373EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 4:0 p.m.3 views

CVE-2025-13372

A flaw was found in Django. This vulnerability allows Structured Query Language SQL injection in column aliases via a suitably crafted dictionary with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Mitigation Mitigation for this issue is either no...

4.3CVSS7.1AI score0.00904EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/10 8:19 p.m.6 views

CVE-2025-66625

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS6.9AI score0.00313EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/12/10 6:4 p.m.6 views

django: Django SQL injection

A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS7.3AI score0.19396EPSS
Exploits10References8
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.11 views

django: Django SQL injection

A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS7.1AI score0.19396EPSS
Exploits10References8
Vulnrichment
Vulnrichment
added 2025/12/09 8:9 p.m.3 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS6.5AI score0.00313EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 8:9 p.m.5 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS6.7AI score0.00313EPSS
Exploits0References4
CVE
CVE
added 2025/12/09 8:9 p.m.18 views

CVE-2025-66625

CVE-2025-66625 affects Umbraco CMS (ASP.NET) versions 10.0.0–13.12.0. During the dictionary upload process, unsafe handling/deletion of temporary files enables a backoffice attacker to trigger predictable requests to temporary file paths, causing error responses (HTTP 500 if a file exists, 404 if...

4.9CVSS6.5AI score0.00313EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/09 8:9 p.m.26 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS0.00313EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 5:12 p.m.4 views

EUVD-2025-202178

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality...

4.9CVSS6.3AI score0.00313EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/09 5:12 p.m.3 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the dictionary import process. An attacker can enumerate the existence of arbitrary files on the server's filesystem and, in certain configurations, may expose the NTLM hash of the...

6.9CVSS6.9AI score0.00313EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 5:12 p.m.5 views

GHSA-HFV2-PF68-M33X Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...

4.9CVSS6.7AI score0.00313EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/09 5:12 p.m.7 views

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...

4.9CVSS6.8AI score0.00313EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2025/12/09 1:59 p.m.157 views

SqlScanner

SqlScanner SQL Injection Scanner deve...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50229

Name of the Vulnerable Software and Affected Versions Umbraco versions 10.0.0 through 13.12.0 Description Umbraco, an ASP.NET CMS, experiences an issue related to the unsafe handling and deletion of temporary files during the dictionary upload process. An attacker with backoffice access can...

4.9CVSS6.8AI score0.00313EPSS
Exploits0References6
OSV
OSV
added 2025/12/02 9:31 p.m.1 views

GHSA-QHQW-RRW9-25RM asyncmy is vulnerable to SQL injection via crafted dict keys

SQL injection vulnerability in long2ice asyncmy thru 0.2.11 allows attackers to execute arbitrary SQL commands via crafted dict keys...

9.8CVSS6.1AI score0.00373EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/02 6:30 p.m.9 views

Django is vulnerable to SQL injection in column aliases

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

4.3CVSS8AI score0.00904EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder