Lucene search
K

1197 matches found

OSV
OSV
added 2026/02/22 3:16 p.m.5 views

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/02/22 3:16 p.m.3 views

CVE-2019-25456

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or...

9.1CVSS5.9AI score0.00464EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.8 views

Web Ofisi Firma Rehberi SQL注入漏洞

Web Ofisi Firma Rehberi is a directory system of companies operated by the Turkish company Web Ofisi. Version 1 of Web Ofisi Firma Rehberi has a SQL injection vulnerability, which stems from insufficient validation of GET parameter inputs. This vulnerability may lead to SQL injection attacks...

9.8CVSS5.8AI score0.00479EPSS
Exploits1References4
NVD
NVD
added 2026/02/18 10:16 p.m.11 views

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS0.06996EPSS
Exploits4References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

MajorDoMo SQL注入漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a SQL injection vulnerability in MajorDoMo. This vulnerability stems from the commandssearch.inc.php file, which directly inserts the $GETparent parameter into multiple SQL queries. These...

9.8CVSS5.8AI score0.00468EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/02/06 4:41 p.m.3 views

CVE-2019-25303 TheJshen contentManagementSystem 1.04 - 'id' SQL Injection

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...

7.1CVSS5.7AI score0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/01/30 3:31 p.m.5 views

GHSA-33HJ-RCMX-86MV Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

7.5CVSS5.8AI score0.00575EPSS
Exploits0References15
NVD
NVD
added 2026/01/30 3:16 p.m.7 views

CVE-2024-4027

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

7.5CVSS0.00575EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/30 2:25 p.m.6 views

CVE-2024-4027 Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

7.5CVSS5.8AI score0.00575EPSS
Exploits0References2
CVE
CVE
added 2026/01/30 2:25 p.m.14 views

CVE-2024-4027

The CVE-2024-4027 entry describes a flaw in Undertow where Servlets calling HttpServletRequestImpl.getParameterNames() can trigger an OutOfMemoryError when clients send requests with large parameter names, enabling a remote DoS. Affected: Undertow (Servlet handling path). Root cause: large parame...

7.5CVSS5.8AI score0.00575EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/30 2:25 p.m.7 views

CVE-2024-4027

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

7.5CVSS5.8AI score0.00575EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.11 views

PT-2026-5405

Name of the Vulnerable Software and Affected Versions AWStats version 8.0 Description AWStats version 8.0 contains a command injection issue due to an unsafe use of the open function in Perl when processing HTTP GET parameters. Specifically, the presence of a pipe symbol '|' within a parameter ca...

7.8CVSS6.4AI score0.01046EPSS
Exploits1References12
CVE
CVE
added 2026/01/26 7:36 p.m.23 views

CVE-2025-11687

The CVE-2025-11687 issue affects the gi-docgen library and is confirmed by multiple sources (GHSA advisory, NVD/Red Hat entry, Debian/Amazon Linux advisories). It is a reflected DOM XSS vulnerability where an unescaped q query parameter allows arbitrary JavaScript execution in the page context, e...

6.1CVSS6AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/19 10:32 p.m.23 views

CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

7.5CVSS0.00359EPSS
Exploits0References4
CVE
CVE
added 2026/01/19 10:2 p.m.23 views

CVE-2026-1178

CVE-2026-1178 affects Yonyou KSOA 9.0. The vulnerability is in the HTTP GET Parameter Handler, specifically the /kmf/select.jsp file, where manipulating the folderid parameter leads to SQL injection. The issue can be initiated remotely and exploits have been publicly disclosed. Vendor notificatio...

9.8CVSS5.4AI score0.00352EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/19 9:32 p.m.21 views

CVE-2026-1177 Yonyou KSOA HTTP GET Parameter save_folder.jsp sql injection

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

7.5CVSS0.00359EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/19 3:19 p.m.6 views

CVE-2026-1123

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available an...

9.8CVSS5.4AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/19 2:26 p.m.6 views

CVE-2026-1121

A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/delworkplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public an...

9.8CVSS5.4AI score0.00457EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/19 1:32 a.m.4 views

CVE-2026-1132 Yonyou KSOA HTTP GET Parameter edit_folder.jsp sql injection

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

7.5CVSS7.1AI score0.0051EPSS
Exploits0References4
CVE
CVE
added 2026/01/19 1:32 a.m.22 views

CVE-2026-1132

CVE-2026-1132 affects Yonyou KSOA 9.0. The vulnerability lies in the HTTP GET Parameter Handler, specifically the /kmf/edit_folder.jsp file, where manipulating the folderid argument enables SQL injection. The exploit appears to be public and exploitable remotely; there is no vendor response or co...

9.8CVSS6.5AI score0.0051EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder