Lucene search
K

28510 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43298

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS6.6AI score0.00316EPSS
Exploits0References8
EUVD
EUVD
added yesterday6 views

EUVD-2026-43279

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.9AI score0.00248EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday116 views

Versa Concerto API Path Based - Authentication Bypass

Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources. id: CVE-2025-34027 info:...

10CVSS7.1AI score0.35993EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday83 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

74cms - ajax_officebuilding.php SQL Injection

A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajaxofficebuilding.php. id: CVE-2020-22210 info: name: 74cms - ajaxofficebuilding.php SQL Injection author: ritikchaddha severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x...

9.8CVSS6.8AI score0.08579EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday101 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday61 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.5AI score0.0357EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday51 views

Bloofox v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.03449EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday307 views

Craft CMS - Remote Code Execution via Template Path Manipulation

This template identifies a critical Remote Code Execution RCE vulnerability in Craft CMS, identified as GHSA-2p6p-9rc9-62j9. The vulnerability exists due to improper handling of the --templatesPath query parameter, allowing attackers to execute arbitrary code by referencing malicious Twig...

9.8CVSS7.4AI score0.97446EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday47 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

7.8CVSS7AI score0.17982EPSS
Exploits3
Nuclei
Nuclei
added yesterday37 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10548 info: name: rConfig 3.9.4...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday120 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday108 views

Atom CMS v2.0 - SQL Injection

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. id: CVE-2022-24223 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php...

9.8CVSS7.1AI score0.61965EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday88 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS7.1AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday291 views

OpenMetadata - Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.1AI score0.73255EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday107 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday97 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7AI score0.82976EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday56 views

Garage Management System 1.0 - SQL Injection

Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input [email protected]' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execut...

9.8CVSS7.1AI score0.03384EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday52 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteteam. id: CVE-2022-31977 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQ...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday51 views

Atom.CMS 2.0 - SQL Injection

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminuploads.php which allows an attacker to execute arbitrary SQL commands. id: CVE-2022-28033 info: name: Atom.CMS 2.0 - SQL Injection author: ritikchaddha severity: critical description: | Atom.CMS 2.0 is vulnerable to SQL Injection via...

9.8CVSS7.2AI score0.05412EPSS
Exploits1References2
Rows per page
Query Builder