Lucene search
K

951 matches found

NVD
NVD
added 2026/05/25 3:16 p.m.29 views

CVE-2018-25379

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS0.0039EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.9 views

CVE-2018-25379 Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.27 views

CVE-2018-25379

CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Collectric CMU SQL注入漏洞

The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.29 views

PT-2026-43231

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/05/23 9:51 a.m.22 views

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

6AI score
Exploits0
Snyk
Snyk
added 2026/05/22 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8CVSS6.5AI score
Exploits0References2
RustSec
RustSec
added 2026/05/07 12:0 p.m.9 views

`Program<System>` accepts arbitrary executable programs

Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...

8.2CVSS5.8AI score0.00246EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.23 views

Notepad++ < 8.9.4 Multiple Vulnerabilities

The version of Notepad++ installed on the remote host is prior to 8.9.4. It is, therefore, affected by multiple vulnerabilities: - A string injection vulnerability exists in the FindInFiles feature. When the nativeLang.xml file's 'find-result-hits' element contains a format string specifier such ...

6.6CVSS6.1AI score0.00224EPSS
Exploits1References4
Amazon
Amazon
added 2026/04/30 12:0 a.m.50 views

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing...

7.5CVSS5.2AI score0.00357EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/24 6:25 p.m.58 views

CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS0.00338EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 3:41 p.m.5 views

GHSA-X92X-PX7W-4GX4 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a...

9.1CVSS6AI score0.00338EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.6 views

Oracle Business Process Management Suite (14.1.2.0.0) (April 2026 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commons...

5.3CVSS5.4AI score0.02164EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24644

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS5.9AI score0.00378EPSS
Exploits0References14
NVD
NVD
added 2026/04/22 9:16 a.m.9 views

CVE-2026-4074

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS0.00378EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34278

Name of the Vulnerable Software and Affected Versions Quran Live Multilanguage plugin for WordPress versions prior to 1.0.4 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The quran live render...

6.4CVSS6AI score0.00378EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.4 views

CVE-2026-6439

The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozenconf function. The 'lang' POST parameter is stored directly via updateoption without any...

4.4CVSS5.9AI score0.00199EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 1:40 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Apache Commons Lang

Summary Due to use of Apache Commons Lang, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apach...

5.3CVSS5.7AI score0.02164EPSS
Exploits0Affected Software1
Rows per page
Query Builder