22 matches found
EUVD-2025-210055
An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...
CVE-2026-6562 dameng100 muucmf index.html getListByPage sql injection
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
CVE-2026-6562
CVE-2026-6562 affects dameng100 muucmf 1.9.5.20260309. The vulnerable component is getListByPage in /index/Search/index.html. Manipulating the keyword argument enables SQL injection from remote, with exploit published. Vendor was contacted but did not respond.
MuuCmf 安全漏洞
MuuCmf is an open-source application development framework created by Dameng100. Version MuuCmf 1.9.5.20260309 contains a security vulnerability, which stems from the handling of the keyword parameter in the file/index/Search/index.html. This vulnerability may lead to SQL injection attacks...
GHSA-8W9J-HC3G-3G7F PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Summary MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...
PT-2026-29826
Summary MCPToolIndex.search tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...
E-Commerce Website user_index_search.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /pages/userindexsearch.php. An attacker can exploit this vulnerability to...
CVE-2025-11558
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/userindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...
EUVD-2025-33554
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/userindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...
CVE-2025-11558
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/userindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...
CVE-2025-11558 code-projects E-Commerce Website user_index_search.php sql injection
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/userindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...
CVE-2025-11558
CVE-2025-11558 affects code-projects E-Commerce Website 1.0, specifically the /pages/user_index_search.php file where the Search parameter can be manipulated to trigger SQL injection. Multiple connected sources (CNVD-2025-23975, RH:CVE-2025-11558, CNNVD-202510-1254, NVD/CVE-2025-11558, CVELIST) d...
Code-Projects E-Commerce Website SQL注入漏洞
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /pages/userindexsearch.php. An attacker can exploit this vulnerability to...
CVE-2025-11037
A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/adminindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...
CVE-2025-11037
A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/adminindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...
CVE-2025-11037
CVE-2025-11037 affects code-projects E-Commerce Website 1.0. The vulnerability is an SQL injection in the parameter Search within the file /pages/admin_index_search.php caused by lack of validation of externally provided SQL statements. It is exploitable remotely and has been publicly released. M...
CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection
A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/adminindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...
CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection
A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/adminindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...
CVE-2025-39797
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRMMSGALLOCSPI Netlink message, which triggers the kernel function xfrmallocspi. This function is expected to ensure uniqueness of the Security...
UBUNTU-CVE-2024-23445
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...