Lucene search
K

1122 matches found

Amazon
Amazon
added 2026/06/29 12:0 a.m.5 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.8AI score0.00701EPSS
Exploits0
NVD
NVD
added 2026/06/25 2:16 p.m.8 views

CVE-2026-56122

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS0.00377EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 12:22 p.m.6 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Tridium Niagara Use of GET Request Method With Sensitive Query Strings (CVE-2025-3943)

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11;...

7.5CVSS7.4AI score0.07416EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 5:39 p.m.35 views

CVE-2026-54317 Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS0.00193EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.24 views

PT-2026-51458

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Organization team member management can be performed via GET requests without Cross-Site Request Forgery CSRF protection. CSRF is a security flaw where an attacker tricks a logged-in user into executin...

8.8CVSS6AI score0.00248EPSS
Exploits0References14
NVD
NVD
added 2026/06/20 7:16 p.m.10 views

CVE-2026-56341

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 5:18 p.m.16 views

CVE-2019-25753

The CVE-2019-25753 entry concerns Joomla! Component VMap 1.9.6, where an SQL injection vulnerability exists in the latlngbound parameter. An unauthenticated attacker can craft GET requests to index.php with options com_vmap&task=loadmarker containing SQL payloads to manipulate database queries an...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 5:16 p.m.10 views

CVE-2017-20272

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...

8.8CVSS0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:58 p.m.7 views

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

8.8CVSS6AI score0.00267EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/19 4:38 p.m.10 views

CVE-2017-20276

Vulnerability: CVE-2017-20276 in Joomla! component SIMGenealogy 2.1.5. Impactful flaw: SQL injection via the type parameter in index.php when option=com_simgenealogy and view=latest are used; unauthenticated attackers can manipulate database queries and potentially exfiltrate data. Affected compo...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:11 p.m.5 views

EUVD-2017-18995

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:1 p.m.4 views

CVE-2017-20265

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Batik

Apache Batik 1.13 is vulnerable to server-side request forgery, which is caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS6.8AI score0.13635EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50933

Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20071

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS0.00302EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 1:16 p.m.12 views

CVE-2017-20249

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS0.00295EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 1:16 p.m.16 views

CVE-2017-20243

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 11:48 a.m.10 views

EUVD-2017-18969

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/09 7:43 a.m.46 views

injection_exploit

Injection Exploit SQLi 6 engines + SSTI 11 engines — GET/...

5.5AI score
Exploits0
Rows per page
Query Builder