Lucene search
K

321 matches found

CNNVD
CNNVD
added 2026/02/22 12:0 a.m.14 views

Web Ofisi Emlak SQL注入漏洞

Web Ofisi Emlak is a real estate agency website system developed by the Turkish company Web Ofisi. The Web Ofisi Emlak V2 version has a SQL injection vulnerability, which stems from insufficient validation of multiple GET parameter inputs. This vulnerability may lead to SQL injection attacks...

9.8CVSS5.8AI score0.00433EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.10 views

PT-2026-21446

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensiti...

8.8CVSS5.9AI score0.00433EPSS
Exploits1References4
Veracode
Veracode
added 2026/02/21 5:3 a.m.14 views

Cross-site Request Forgery (CSRF)

alextselegidis/easyappointments is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to CSRF protection being enforced only for POST requests while state-changing actions accept GET parameters, which allows an attacker to perform unauthorized administrative actions through...

8.8CVSS5.8AI score0.00203EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/18 9:10 p.m.34 views

CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS0.06996EPSS
Exploits4References3
NVD
NVD
added 2026/02/06 5:16 p.m.13 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS0.0016EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/06 5:16 p.m.5 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS5.7AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 5:16 p.m.7 views

UBUNTU-CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS5.7AI score0.0016EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/02/06 4:41 p.m.7 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS5.5AI score0.0016EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user...

6.1CVSS5.4AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 6:16 p.m.4 views

CVE-2020-37111

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

6.1CVSS6AI score0.00255EPSS
Exploits1References4
CVE
CVE
added 2026/02/03 4:52 p.m.16 views

CVE-2020-37111

CVE-2020-37111 affects 60CycleCMS 2.5.2 with an XSS in news.php . The vulnerability allows attackers to inject scripts via GET parameters, specifically the etsu and ltsu parameters, enabling execution of arbitrary scripts in victims’ browsers. The source documents consistently describe a client-s...

6.1CVSS5.7AI score0.00255EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/03 4:52 p.m.6 views

EUVD-2020-30984

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

6.1CVSS5.7AI score0.00255EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:52 p.m.3 views

CVE-2020-37111

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

6.1CVSS5.7AI score0.00255EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.32 views

CVE-2020-37111 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

6.1CVSS0.00255EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

7.5CVSS7.6AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 10:15 a.m.3 views

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 10:15 a.m.6 views

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

7.5CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/01/09 10:3 a.m.14 views

CVE-2025-64092

CVE-2025-64092 involves unauthenticated SQL injection via GET parameters, affecting Zenitel ICX500/ICX510 platforms per the connected records. The Red Hat and CNNVD entries confirm the same vulnerability description and cite Zenitel as the vendor with affected hardware. The common root cause is i...

7.5CVSS7.2AI score0.00372EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/09 10:3 a.m.3 views

CVE-2025-64092 Unauthenticated SQL injection via GET request parameters

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

7.5CVSS7.2AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/09 10:3 a.m.31 views

CVE-2025-64092 Unauthenticated SQL injection via GET request parameters

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

7.5CVSS0.00372EPSS
Exploits0References1
Rows per page
Query Builder