Lucene search
K

287 matches found

OSV
OSV
added 2025/05/30 6:17 a.m.6 views

CVE-2025-48487 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180...

6CVSS6.1AI score0.00222EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:33 a.m.18 views

CVE-2024-8570

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit ha...

9.8CVSS7.4AI score0.00576EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:52 a.m.9 views

CVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...

9.8CVSS7.8AI score0.00987EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/16 1:0 a.m.19 views

CVE-2025-4734 Campcodes Sales and Inventory System ci_update.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ciupdate.php. The manipulation of the argument id/name leads to sql injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS0.00451EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2025/05/01 10:39 p.m.298 views

Exploit for SQL Injection in Valvepress Automatic

WP Automatic Plugin SQL Injection Exploit CVE-2024-27956 !...

9.9CVSS9.1AI score0.93971EPSS
Exploits16
OSV
OSV
added 2025/04/27 2:15 p.m.5 views

CVE-2025-3971

A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack can be launched remotely. T...

9.8CVSS5.8AI score0.00414EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/23 3:27 p.m.13 views

CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

8.6CVSS7.7AI score0.00449EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.184 views

Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection

Exploit Title: Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection Exploit author: hyp3rlinx import requests,time,re,sys,argparse NAPC Xinet Elegant 6 Asset Library v6.1.655 Pre-Auth SQL Injection 0day Exploit By hyp3rlinx ApparitionSec UPDATED: Jan 2024 for python3 TODO: add SSL support...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/04/04 8:31 a.m.14 views

CVE-2025-3229 PHPGurukul Restaurant Table Booking System edit-subadmin.php sql injection

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploi...

5.8CVSS7.8AI score0.00395EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2025/03/21 12:0 a.m.243 views

Jasmin Ransomware - SQL Injection Login Bypass

Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on: Windows How t...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2025/02/27 11:8 a.m.638 views

Exploit for CVE-2025-1094

CVE-2025-1094: SQL Injection to RCE via WebSocket 🚀 This repo...

8.1CVSS8.9AI score0.89472EPSS
Exploits10
Cvelist
Cvelist
added 2025/02/24 2:0 a.m.37 views

CVE-2025-1611 ShopXO Template ThemeAdminService.php injection

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...

5.8CVSS0.00527EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2025/01/17 12:20 p.m.176 views

Exploit for SQL Injection in Microsoft

CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...

9.8CVSS9.8AI score0.60661EPSS
Exploits3
CNVD
CNVD
added 2024/10/31 12:0 a.m.5 views

Tenda AC7 ate_iwpriv_set function command injection vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a command injection vulnerability that stems from ateiwprivset failing to correctly filter construct command special characters, commands, and so on. An attacker can exploit this vulnerability to execute...

8.8CVSS8.1AI score0.01674EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/31 12:0 a.m.20 views

CVE-2024-51254

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the signcacertificate function...

0.00414EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 3:15 a.m.22 views

CVE-2024-7283

A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manageuser.php. The manipulation of the argument id leads to sql injection. The attack may be launched...

8.8CVSS0.0056EPSS
Exploits1References4
CNVD
CNVD
added 2024/06/18 12:0 a.m.5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-36363)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS7AI score0.00676EPSS
Exploits0References1
CNVD
CNVD
added 2024/05/10 12:0 a.m.6 views

RuvarOA template_id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter of the /WorkFlow/wfgetfieldsapprove.aspx file against externally entered SQL statements. An attacker ca...

9.4CVSS8AI score0.00618EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2024/05/08 12:0 a.m.351 views

iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

Exploit Title: iboss Secure Web Gateway - Stored Cross-Site Scripting XSS Date: 4/4/2024 Exploit Author: modrnProph3t Vendor Homepage: https://www.iboss.com Version: userName=TEST&x=TEST&action=login&redirectUrl= 3. Insert XSS payload into the "redirectUrl" parameter Example of request with...

6.1CVSS5.1AI score0.22002EPSS
Exploits4
0day.today
0day.today
added 2024/03/14 12:0 a.m.460 views

KiTTY 0.76.1.13 - Command Injection Exploit

Exploit Title: KiTTY 0.76.1.13 - Command Injection Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤ 0.76.1.13 Tested on: Microsoft Windows...

7.8CVSS7.7AI score0.04692EPSS
Exploits5
Rows per page
Query Builder