Lucene search
K

48 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.13 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS5.7AI score0.00598EPSS
Exploits2References1
CVE
CVE
added 2026/05/27 7:57 a.m.19 views

CVE-2026-40840

CVE-2026-40840 describes an unauthenticated SQL Injection in the VerifyCreateLicences function. An attacker with low privileges and remote access can exploit improper neutralization of elements in a SQL SELECT command, leading to total confidentiality loss. Documents consistently cite a SQLi in V...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 1:16 p.m.41 views

CVE-2021-47951

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 12:44 p.m.79 views

CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS0.00169EPSS
Exploits0References3
CVE
CVE
added 2026/05/10 12:44 p.m.25 views

CVE-2021-47948

The CVE-2021-47948 entry concerns WordPress GetPaid Plugin 2.4.6 with an HTML-injection vulnerability. It allows authenticated attackers to inject arbitrary HTML via the Help Text field in payment forms, with the injected HTML stored in the database and executed in the browser when the form is vi...

5.4CVSS6AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 9:33 p.m.5 views

EUVD-2026-20643

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

8.1CVSS6.6AI score0.01069EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/07 7:49 p.m.3 views

CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

5.4CVSS6AI score0.00162EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/19 10:37 p.m.21 views

CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...

8.1CVSS0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.5 views

Jsish 安全漏洞

Jsish is a small JavaScript parser written in C with a built-in database by the pcmacdon individual developer. A security vulnerability exists in Jsish version 2.0 that stems from type confusion and could lead to a crash or code execution...

9.8CVSS5.9AI score0.00445EPSS
Exploits1References1
OSV
OSV
added 2025/12/16 12:0 a.m.3 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1CVSS6AI score0.00218EPSS
Exploits0References5
CVE
CVE
added 2025/12/16 12:0 a.m.10 views

CVE-2025-65592

CVE-2025-65592 affects nopCommerce 4.90.0. The vulnerability is a Cross Site Scripting (XSS) issue in the product management functionality, where malicious payloads entered into the Product Name and Short Description fields are stored in the backend database and then executed when affected pages ...

6.1CVSS5.6AI score0.00218EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.4 views

PT-2025-43698

Name of the Vulnerable Software and Affected Versions Bitcoin Core versions through 29.0 Description The software is susceptible to an issue involving uncontrolled resource consumption. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

7.5CVSS6.4AI score0.00394EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.4 views

PT-2025-43697

Name of the Vulnerable Software and Affected Versions Bitcoin Core versions through 29.0 Description The software is susceptible to Uncontrolled Resource Consumption. As of October 25, 2025, the identifier CVE-2025-54604 is not a valid identifier and is not included in the National Vulnerability...

7.5CVSS6.5AI score0.00394EPSS
Exploits0References10
CVE
CVE
added 2025/10/06 6:45 a.m.17 views

CVE-2025-9914

CVE-2025-9914 involves credentials stored in the system’s local database that can be used for login, potentially granting unauthorized access and affecting confidentiality. Connected documents identify SICK products (e.g., SICK AG Baggage Analytics) as affected, with the root cause described as l...

7.5CVSS6.2AI score0.00301EPSS
Exploits0References6Affected Software4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25215

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25031

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00193EPSS
Exploits0References2
OSV
OSV
added 2025/09/18 7:53 p.m.4 views

CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page

LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting XSS vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...

7.3CVSS5.1AI score0.00321EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/27 10:24 a.m.6 views

CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

6.9CVSS0.00198EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-12482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. CVE-2018-12482 Note that...

8.8CVSS7.8AI score0.013EPSS
Exploits1References2
Rows per page
Query Builder