Lucene search
K

131 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-22293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter. CVE-2022-22293 Note that Nessus relies on the...

5.4CVSS5.6AI score0.00744EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.8 views

CVE-2024-57019

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...

8.8CVSS8AI score0.01573EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 a.m.7 views

CVE-2019-7337

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

4.8CVSS6AI score0.00677EPSS
Exploits1References1
OSV
OSV
added 2025/04/17 12:15 p.m.4 views

CVE-2025-3487

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00252EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.8 views

WordPress plugin Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS6.6AI score0.00252EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/01/22 12:0 a.m.7 views

The vulnerability of the setVpnAccountCfg function in the microprogramming software for TOTOLINK X5000R allows a perpetrator to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function in TOTOLINK X5000R router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s processing of the limit parameter. Exploiting this vulnerability allows a remote attacker to execute...

10CVSS8.3AI score0.01573EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/01/15 5:15 p.m.4 views

CVE-2024-57019

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...

8.8CVSS7.5AI score0.01573EPSS
Exploits1References2
NVD
NVD
added 2025/01/15 5:15 p.m.20 views

CVE-2024-57019

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...

8.8CVSS0.01573EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/15 12:0 a.m.7 views

CVE-2024-57019

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...

8AI score0.01573EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.6 views

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "limit" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...

8.8CVSS9.4AI score0.01573EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/01/15 12:0 a.m.16 views

CVE-2024-57019

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...

0.01573EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.6 views

PT-2025-1232 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited via the limit parameter in the setVpnAccountCfg function. The vulnerability allows ...

10CVSS9.8AI score0.01573EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.5 views

RediSearch 安全漏洞

RediSearch is a Redis module from the RediSearch open source that provides queries, secondary indexes, and full-text searches for Redis. A security vulnerability exists in RediSearch that originates from an authenticated redis user executing FT.SEARCH with a specially crafted LIMIT or KNN command...

7CVSS5.5AI score0.00396EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.6 views

Code-Projects Job Recruitment 注入漏洞

Code-Projects Job Recruitment is an open source job portal from Code-Projects. Code-Projects Job Recruitment version 1.0 has an injection vulnerability that originates from the jid/limit parameter of the /parse/alledits.php file containing a SQL injection vulnerability...

7.5CVSS7.9AI score0.00669EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.7 views

HSC Cybersecurity HC Mailinspector 安全漏洞

HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A security vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18. A remote attacker can exploit this vulnerability to obtain sensitive information about the start an...

4.3CVSS6.4AI score0.00927EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2024/05/06 5:22 p.m.55 views

Exploit for SQL Injection in Hsclabs Mailinspector

CVE-2024-32369 Description: SQL Injection vulnerability i...

4.3CVSS8.1AI score0.00927EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.6 views

PT-2024-24537 · Hsc Cybersecurity · Hc Mailinspector

Name of the Vulnerable Software and Affected Versions: HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 Description: The issue allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the "mliWhiteList.php" component...

4.3CVSS6.8AI score0.00927EPSS
Exploits2References7
Cvelist
Cvelist
added 2024/02/08 12:0 a.m.30 views

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

9.9AI score0.00622EPSS
Exploits0References2
OSV
OSV
added 2024/02/08 12:0 a.m.18 views

CVE-2024-24014

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...

9.8CVSS8.1AI score0.00622EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.7 views

PT-2024-20235 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions prior to 4.3.0-RC1 Description: A SQL injection issue exists, allowing an attacker to perform SQL injection by passing crafted offset, limit, and sort parameters via the "/common/dict/list" API endpoint. Recommendations: F...

9.8CVSS7.5AI score0.00627EPSS
Exploits0References7
Rows per page
Query Builder