Lucene search
K

74009 matches found

NVD
NVD
added 2026/03/26 12:16 p.m.8 views

CVE-2018-25205

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS0.00267EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 12:16 p.m.6 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:8 p.m.2 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS6AI score0.00634EPSS
Exploits1References11
AlpineLinux
AlpineLinux
added 2026/03/26 12:8 p.m.4 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS5.9AI score0.00634EPSS
Exploits1References13
CVE
CVE
added 2026/03/26 11:39 a.m.18 views

CVE-2018-25210

WebOfisi E-Ticaret 4.0 is affected by an SQL injection in the 'urun' GET parameter of the vulnerable endpoint. The issue allows unauthenticated attackers to manipulate backend queries using SQL payloads through the 'urun' parameter, enabling boolean-based blind, error-based, time-based blind, and...

8.8CVSS6AI score0.00271EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.22 views

CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS0.00271EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25210

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS6AI score0.00271EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.7 views

CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS6AI score0.00271EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.1 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/26 11:39 a.m.8 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection in edit.php via the my_item_search parameter. Attackers can submit POST payloads to perform boolean-based blind or error-based injections to extract sensitive database information. The vulnerability has high impact on confidentiality (C) and low impact on...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.28 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.5 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.2 views

CVE-2018-25205

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 10:4 a.m.3 views

SUSE-SU-2026:1059-1 Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2025-21738: ata: libata-sff: ensure that we cannot...

7.1CVSS6.8AI score0.00196EPSS
Exploits0References15
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:7 a.m.4 views

net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()

...

6.4CVSS5.8AI score0.00123EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:5 a.m.2 views

can: mcp251x: fix deadlock in error path of mcp251x_open

...

5.5CVSS5.8AI score0.00099EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:3 a.m.5 views

atm: lec: fix null-ptr-deref in lec_arp_clear_vccs

...

5.5CVSS5.8AI score0.00125EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:2 a.m.3 views

drbd: fix null-pointer dereference on local read error

...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
OSV
OSV
added 2026/03/26 1:34 a.m.1 views

SUSE-SU-2026:1049-1 Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.100 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2023-53257: wifi: mac80211: check S1G action frame si...

7.8CVSS6.1AI score0.00278EPSS
Exploits0References23
RedHat Linux
RedHat Linux
added 2026/03/26 1:5 a.m.9 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS6.6AI score0.00451EPSS
Exploits2References8
Rows per page
Query Builder