Lucene search
+L

80 matches found

Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24984

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8290

Malware in sbrugna...

6.1CVSS6.3AI score0.00675EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2008-2490

Malware in sbrugna...

7.5CVSS6.4AI score0.01532EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31112

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00374EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26274

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00514EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/09/25 12:0 a.m.16 views

CVE-2025-46148

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistancep=2 produces incorrect results...

0.00374EPSS
Exploits0References4
OSV
OSV
added 2025/09/25 12:0 a.m.7 views

CVE-2025-46148

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistancep=2 produces incorrect results...

5.3CVSS7AI score0.00374EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/09/01 4:39 p.m.7 views

CVE-2025-9692

A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used...

9.8CVSS7.3AI score0.00514EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.10 views

PT-2025-33078 · S40 Cms · S40 Cms

Name of the Vulnerable Software and Affected Versions: S40 CMS version 0.4.2 Description: S40 CMS version 0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary fil...

8.7CVSS6.6AI score0.01286EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/07/28 8:40 p.m.10 views

WordPress Bricks Builder plugin <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter vulnerability

Unauthenticated SQL Injection via p Parameter vulnerability discovered by Jamie Burchell in WordPress Theme Bricks Builder versions = 1.12.4...

7.5CVSS8.1AI score0.00436EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/07/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-6495

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

7.5CVSS5.9AI score0.00436EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:4 a.m.4 views

CVE-2014-3846

Cross-site scripting XSS vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php...

4.3CVSS6AI score0.01427EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:19 a.m.6 views

CVE-2011-1009

Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter...

6.1CVSS6.1AI score0.00804EPSS
Exploits1References1
CVE
CVE
added 2024/11/13 2:21 p.m.56 views

CVE-2024-49505

Summary: CVE-2024-49505 is a reflected-cross-site scripting (XSS) vulnerability in openSUSE Tumbleweed MirrorCache. The issue arises from improper input neutralization in the web page generation process, specifically affecting the REGEX and P parameters. Affected versions are MirrorCache before 1...

6.1CVSS6.2AI score0.00322EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/11/13 2:21 p.m.35 views

CVE-2024-49505 XSS vulnerability found in OpenSuse MirrorCache

A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083...

5.3CVSS0.00322EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.8 views

PT-2024-33540 · Opensuse · Opensuse Tumbleweed Mirrorcache

Name of the Vulnerable Software and Affected Versions: openSUSE Tumbleweed MirrorCache versions prior to 1.083 Description: A Cross-site Scripting vulnerability exists in openSUSE Tumbleweed MirrorCache, allowing the execution of arbitrary JavaScript via reflected XSS in the REGEX and P parameter...

6.1CVSS6.2AI score0.00322EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.28 views

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2023-3507)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...

5.3CVSS6.6AI score0.05533EPSS
Exploits0References2
NVD
NVD
added 2023/08/09 2:15 p.m.22 views

CVE-2023-34545

A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL...

9.8CVSS9.8AI score0.00619EPSS
Exploits0References2
OSV
OSV
added 2023/08/09 2:15 p.m.2 views

CVE-2023-34545

A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL...

9.8CVSS6AI score0.00619EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.9 views

CSZCMS SQL注入漏洞

CSZCMS is an open source web application that allows to manage all the content and settings on the website. A SQL injection vulnerability exists in CSZCMS version 1.3.0 that stems from the application's lack of validation of externally entered SQL statements. A remote attacker can exploit the...

9.8CVSS8.3AI score0.00619EPSS
Exploits0References3
Rows per page
Query Builder