Lucene search
K

213 matches found

Snyk
Snyk
added 2026/04/07 9:31 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Investory Toy Planet Trouble App 安全漏洞

Investory Toy Planet Trouble App is an educational adventure game app developed by Investory. Versions of Investory Toy Planet Trouble App prior to 1.5.5 contained a security vulnerability, which was caused by the use of a hardcoded encryption key for the parameter currentkey...

4.8CVSS5.8AI score0.00141EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/28 12:30 p.m.5 views

EUVD-2016-10850

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6CVSS6.7AI score0.00167EPSS
Exploits0References4
NVD
NVD
added 2026/03/28 12:16 p.m.5 views

CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6CVSS0.00167EPSS
Exploits0References3
OSV
OSV
added 2026/03/28 12:16 p.m.5 views

UBUNTU-CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6CVSS6.7AI score0.00167EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/28 12:16 p.m.4 views

CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6CVSS6.8AI score0.00167EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/28 11:58 a.m.2 views

CVE-2016-20048 iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6CVSS6.7AI score0.00167EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/28 11:58 a.m.33 views

CVE-2016-20048 iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6CVSS0.00167EPSS
Exploits0References3
CVE
CVE
added 2026/03/28 11:58 a.m.12 views

CVE-2016-20048

The CVE-2016-20048 entry concerns iSelect version 1.4.0-2+b1 that contains a local buffer overflow in the -k/--key parameter. An attacker can supply an oversized argument to overflow a 1024-byte stack buffer, enabling local code execution with the attacker’s privileges. The description details cr...

8.6CVSS6.7AI score0.00167EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.4 views

SUSE CVE-2026-26186

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

8.8CVSS6.2AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25139

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.4 views

CVE-2018-25176

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

8.8CVSS6.3AI score0.00204EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Page and Post Clone SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/26 12:5 a.m.22 views

CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

7.2CVSS0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 12:5 a.m.6 views

CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

7.2CVSS6.2AI score0.00301EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

Fleet SQL注入漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained a SQL...

8.8CVSS7.3AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.7 views

PT-2026-22054

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet is open source device management software. A SQL injection issue exists due to unsafe use of goqu.I when constructing the ORDER BY clause. This allows authenticated users to inject arbitrary SQL...

9.9CVSS6AI score0.22162EPSS
Exploits70References138
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.10 views

WAVLINK WL-WN579A3 命令注入漏洞

WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The WAVLINK WL-WN579A3 versions 20210219 and earlier has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “key” in the file...

9.8CVSS6.6AI score0.0674EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7858

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

5.5AI score0.00162EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/12 12:0 a.m.28 views

CVE-2025-69752

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

0.00162EPSS
Exploits0References1
Rows per page
Query Builder