Lucene search
K

1077 matches found

Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24843

Name of the Vulnerable Software and Affected Versions xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Description A security issue exists in xierongwkhd weimai-wetapp. The getAdmins function within the file source-code/src/main/java/com/moke/wp/wx...

5.8CVSS5.8AI score0.00202EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24663

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under certain circumstances...

6.5CVSS6.8AI score0.00333EPSS
Exploits1References85
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

weimai-wetapp SQL注入漏洞

Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...

5.8CVSS5.9AI score0.00202EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/10 12:57 a.m.3 views

Improper Check for Unusual or Exceptional Conditions

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the Utils class. An attacker can bypass configured keyword...

6.9CVSS5.8AI score0.00393EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 12:57 a.m.7 views

EUVD-2026-10547

Parse Server has denylist requestKeywordDenylist keyword scan bypass through nested object placement...

6.9CVSS5.8AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...

6.9CVSS5.8AI score0.00393EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.13 views

PT-2026-24187

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.12 Parse Server versions prior to 9.5.1-alpha.1 Description A logic flaw in the requestKeywordDenylist security control allows bypassing restrictions by placing nested objects or arrays before prohibited...

6.9CVSS5.9AI score0.00393EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/03/09 1:42 a.m.7 views

CVE-2026-3672

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/07 10:36 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the isExistSqlInjectKeyword function. An attacker can execute unauthorized SQL commands by submitting crafted input to this endpoint. Remediation There is no fixed version for...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/07 9:32 p.m.33 views

CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS0.00192EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.4 views

CVE-2025-52476

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 3:49 p.m.30 views

CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

5.1CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/02 3:49 p.m.2 views

CVE-2025-52475

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 3:49 p.m.4 views

CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

5.1CVSS5.7AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/02 3:49 p.m.13 views

CVE-2025-52475

CVE-2025-52475 affects Chamilo LMS before 1.11.30. A reflected XSS exists in the admin/user_list.php endpoint where the keyword_inactive parameter is not properly sanitized, allowing an attacker to inject JavaScript via a crafted URL. The issue is patched in version 1.11.30. No exploitation detai...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/02 3:49 p.m.7 views

EUVD-2025-208176

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

5.1CVSS5.7AI score0.00187EPSS
Exploits0References3
OSV
OSV
added 2026/03/02 3:49 p.m.7 views

CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

5.1CVSS5.7AI score0.00187EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/02 3:49 p.m.2 views

CVE-2025-52476

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/02 3:49 p.m.4 views

CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...

5.1CVSS5.7AI score0.00187EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/02 3:49 p.m.2 views

CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...

5.1CVSS5.7AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder