Lucene search
+L

130 matches found

Vulnrichment
Vulnrichment
added 2025/08/14 4:2 p.m.4 views

CVE-2025-8967 itsourcecode Online Tour and Travel Management System packages.php sql injection

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

7.5CVSS7.6AI score0.00421EPSS
Exploits1References5
CNVD
CNVD
added 2025/06/27 12:0 a.m.7 views

Online Hotel Reservation System messageexec.php File SQL Injection Vulnerability

Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /messageexec.php. The...

9.8CVSS7.8AI score0.00394EPSS
Exploits1References1
Huntr
Huntr
added 2025/06/18 1:55 p.m.10 views

Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer

The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...

7.5CVSS6.3AI score0.00467EPSS
Exploits1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.5 views

Thinkgem JeeSite 代码问题漏洞

Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform of China Joyuan Thinkgem company . The platform includes system permissions components , data permissions components , data dictionary components , core tools components , view manipulation components , workflo...

8.8CVSS6.4AI score0.00387EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.4 views

CVE-2024-10809

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.3AI score0.00495EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 p.m.11 views

CVE-2021-21635

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score0.08759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.10 views

CVE-2020-18667

SQL Injection vulnerability in WebPort =1.19.1 via the new connection, parameter name in type-conn...

9.8CVSS8.2AI score0.01357EPSS
Exploits1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

CampCodes Online Shopping Portal 注入漏洞

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...

9.8CVSS8.1AI score0.00415EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.3 views

Redmine 代码注入漏洞

Redmine is an open source set of open source Web-based project management and defect tracking tools from Redmine Open Source. The product provides features such as project management, issue tracking and role-based access control. A code injection vulnerability exists in Redmine versions 6.0.0,...

5.1CVSS4.6AI score0.0028EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/22 12:0 a.m.10 views

CVE-2025-28032

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm paramet...

7.4AI score0.00302EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.6 views

admintwo 安全漏洞

admintwo is an application by the individual developer xujiangfei. A security vulnerability exists in version 1.0 of admintwo, which stems from an incorrect manipulation of the parameter Name that can lead to cross-site scripting...

6.1CVSS4.3AI score0.00345EPSS
Exploits1References5
Snyk
Snyk
added 2025/02/28 2:43 p.m.4 views

Cross-site Scripting (XSS)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS through the modification of the parameter name in /account/login. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Details...

5.1CVSS5.3AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/28 2:42 p.m.3 views

Cross-site Scripting (XSS)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS through the modification of the parameter name in /account/register. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Detail...

5.1CVSS5.3AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2025/02/20 3:15 p.m.2 views

CVE-2023-51308

PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

6.1CVSS5.8AI score0.00325EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.6 views

Codezips Gym Management System 注入漏洞

Codezips Gym Management System is an open source gym management system from Codezips. An injection vulnerability exists in Codezips Gym Management System version 1.0, which stems from the fact that incorrect manipulation of the parameter name can lead to SQL injection...

9.8CVSS7.1AI score0.00523EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.9 views

PT-2025-2195 · WordPress · Survey Maker

Name of the Vulnerable Software and Affected Versions: Survey Maker plugin for WordPress versions up to, and including, 5.1.3.3 Description: The issue is related to Stored Cross-Site Scripting via the ays sections5questions8title parameter due to insufficient input sanitization and output escapin...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/12 12:0 a.m.7 views

reggie 路径遍历漏洞

reggie is a takeaway website by 1902756969 individual developers. A path traversal vulnerability exists in reggie version 1.0, which stems from a path traversal in the parameter name...

6.9CVSS5.4AI score0.01239EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Codezips Project Management System 注入漏洞

Codezips Project Management System is an open source project management system from Codezips. An injection vulnerability exists in Codezips Project Management System version 1.0, which originates from a SQL injection in the parameter name...

9.8CVSS7AI score0.00532EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/12/31 12:0 a.m.7 views

SourceCodester Multi Role Login System 安全漏洞

SourceCodester Multi Role Login System is a SourceCodester open source multi-role login system. A security vulnerability exists in SourceCodester Multi Role Login System version 1.0, which originates from the parameter name in the file /endpoint/add-user.php that can lead to cross-site scripting...

5.4CVSS4.5AI score0.00425EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.7 views

PT-2024-17803 · Unknown · Simple Admin Panel

Name of the Vulnerable Software and Affected Versions: code-projects Simple Admin Panel version 1.0 Description: A vulnerability was found in the Simple Admin Panel, affecting some unknown functionality of the file updateItemController.php. The manipulation of the argument p name/p desc leads to...

5.4CVSS4.2AI score0.00389EPSS
Exploits0References11
Rows per page
Query Builder