Lucene search
K

330 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34425

Malicious code in bioql PyPI...

9CVSS9.1AI score0.00765EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-51026

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00645EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21078

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.005EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29713

Malicious code in bioql PyPI...

4.1CVSS6.6AI score0.00536EPSS
Exploits1References1
NVD
NVD
added 2025/10/02 3:15 p.m.14 views

CVE-2025-59759

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

6.1CVSS0.00181EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 3:15 p.m.7 views

CVE-2025-59750

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.4 views

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.4AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.5 views

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.3AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.4 views

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.4AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.15 views

PT-2025-40386

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected through the l...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.4AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.8 views

CVE-2025-41052

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...

5.4CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:15 p.m.4 views

CVE-2025-41040

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/03 3:15 p.m.5 views

CVE-2025-57147

A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php...

7.5CVSS0.00451EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/05 2:12 p.m.17 views

mcp-package-docs vulnerable to command injection in several tools

Summary A command injection vulnerability exists in the mcp-package-docs MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code...

7.5CVSS8.1AI score0.08088EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2025/07/21 8:18 p.m.29 views

CVE-2025-53832 @translated/lara-mcp vulnerable to command injection in import_tmx tool

Lara Translate MCP Server is a Model Context Protocol MCP Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to...

7.5CVSS0.07792EPSS
Exploits0References2
OSV
OSV
added 2025/07/18 3:45 p.m.6 views

CVE-2025-54073 mcp-package-docs vulnerable to command injection in several tools

mcp-package-docs is an MCP Model Context Protocol server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol LSP capabilities. A command injection vulnerability exists in the mcp-package-docs MCP Server prior to the...

7.5CVSS8.6AI score0.08088EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/07/14 12:0 a.m.10 views

PT-2025-29405 · Unknown · Phpgurukul Online Fire Reporting System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2 Description: A critical issue exists in PHPGurukul Online Fire Reporting System 1.2. The vulnerability is a SQL injection that can be initiated remotely through manipulation of the...

8.8CVSS6.6AI score0.00318EPSS
Exploits1References10
OSV
OSV
added 2025/07/11 12:15 a.m.5 views

CVE-2025-41442

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...

5.1CVSS5.7AI score0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/10 11:25 p.m.12 views

CVE-2025-53515 Advantech iView SQL Injection

A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL...

8.8CVSS8.8AI score0.005EPSS
Exploits0References2
Rows per page
Query Builder