Lucene search
K

4 matches found

CVE
CVE
added 2026/04/06 7:9 p.m.13 views

CVE-2026-35181

CVE-2026-35181 affects WWBN AVideo prior to 29.x. The endpoint admin/playerUpdate.json.php does not validate CSRF tokens, and the ORM security check excludes the plugins table via ignoreTableSecurityCheck(), removing the remaining defense. Coupled with SameSite=None cookies, an authenticated admi...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0856

Malware in sbrugna...

7.7CVSS7AI score0.02073EPSS
Exploits0References6
OSV
OSV
added 2024/05/20 5:34 p.m.7 views

GHSA-7VW7-QX38-37VR Propel2 SQL injection possible with limit() on MySQL

The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create-limit'1;DROP TABLE users'-find; This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...

9.8CVSS8.5AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/09/12 8:3 p.m.11 views

CVE-2023-41885 Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...

5.3CVSS6.7AI score0.00459EPSS
Exploits0References2
Rows per page
Query Builder