6 matches found
CVE-2026-32813
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements (safe storage), but are later read back and interpolated...
CVE-2024-37384
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...
UBUNTU-CVE-2024-37384
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...
CVE-2024-37384
CVE-2024-37384 affects Roundcube Webmail: versions before 1.5.7 and 1.6.x before 1.6.7 are vulnerable. The issue allows Cross-Site Scripting via list columns from user preferences. The connected documents include Debian/Ubuntu/Nessus and OpenVAS advisories that corroborate the vulnerability and i...
CVE-2024-37384
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...