Lucene search
K

6 matches found

NVD
NVD
added yesterday6 views

CVE-2026-15202

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS
Exploits0References5
EUVD
EUVD
added yesterday3 views

EUVD-2026-42655

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS4.1AI score
Exploits0References5
EUVD
EUVD
added 2026/05/26 8:9 p.m.12 views

EUVD-2026-31983

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

6.3CVSS5.8AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/29 1:31 a.m.9 views

CVE-2023-2420 MLECMS common.func.php get_url sql injection

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $SERVER'REQUESTURI' leads to sql injection. The attack may be...

6.5CVSS9.8AI score0.00737EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/29 1:31 a.m.25 views

CVE-2023-2420 MLECMS common.func.php get_url sql injection

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $SERVER'REQUESTURI' leads to sql injection. The attack may be...

6.5CVSS10AI score0.00737EPSS
Exploits1References3
CVE
CVE
added 2023/04/29 1:31 a.m.81 views

CVE-2023-2420

MLECMS 3.0 contains a SQL injection in the get_url function of the /upload/inc/lib/admin module, triggered by manipulating $_SERVER['REQUEST_URI']. This CVE-2023-2420 entry states remote exploitability and public disclosure, rating the issue as CRITICAL per the description. Connected sources cons...

9.8CVSS8.3AI score0.00737EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder