Lucene search
K

926 matches found

CNVD
CNVD
added 2026/03/12 12:0 a.m.8 views

OpenClaw Parameter Injection Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a parameter injection vulnerability that can be exploited by an attacker to execute arbitrary commands by injecting command substitution syntax...

9.8CVSS6.1AI score0.00476EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.8 views

PT-2026-24996

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

8.8CVSS6.1AI score0.00315EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/11 10:17 p.m.4 views

Parameter Injection

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Parameter Injection in the setcookie function in web.py‎. An attacker can manipulate cookie attributes by injecting values after ...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.2 views

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...

5.8AI score0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.4 views

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...

5.8AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

Fortinet FortiDeceptor 参数注入漏洞

Fortinet FortiDeceptor is a network threat detection platform developed by the American company Fortinet. This platform primarily exposes network threats through deceptive techniques. Fortinet FortiDeceptor has a parameter injection vulnerability, which stems from improper use of parameter...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.9 views

MBS多款产品 参数注入漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have parameter...

7.8CVSS6AI score0.00161EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.7 views

ffmate 参数注入漏洞

ffmate is an automated media processing engine open sourced by We Love Media. Versions of ffmate 2.0.15 and earlier had a parameter injection vulnerability. This vulnerability stemmed from incorrect operations on the Execute function in the file /internal/service/ffmpeg/ffmpeg.go, which could lea...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References5
CVE
CVE
added 2026/03/06 5:56 p.m.38 views

CVE-2026-29178

CVE-2026-29178 affects Lemmy via the activitypub_federation Rust framework. Before version 0.19.16, the GET /api/v4/image/{filename} endpoint is vulnerable to unauthenticated SSRF through injection of parameters in file_type, enabling an internal request to pict-rs and use of the proxy parameter ...

8.7CVSS5.8AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.4 views

CVE-2018-25199 OOP CMS BLOG 1.0 SQL Injection via search parameter

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...

8.8CVSS6.1AI score0.0036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.11 views

PT-2026-23698

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 1:2 a.m.5 views

GHSA-V2X6-WWFW-R2RQ Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion

Summary When converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. Details When using the MCP to OpenAPI feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing: Injection of additional path or query...

4.9CVSS6AI score0.00144EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.12 views

OpenClaw 参数注入漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a parameter injection vulnerability that can be exploited by an attacker to execute arbitrary commands by injecting command substitution syntax...

9.8CVSS6.1AI score0.00476EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

Gogs 参数注入漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a parameter injection vulnerability. This...

8.8CVSS7.3AI score0.00433EPSS
Exploits1References4
OSV
OSV
added 2026/03/04 9:58 p.m.5 views

CVE-2026-25750 LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS5.8AI score0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 9:58 p.m.3 views

CVE-2026-25750 LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 9:58 p.m.20 views

CVE-2026-25750 LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 9:58 p.m.7 views

EUVD-2026-9499

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 9:58 p.m.23 views

CVE-2026-25750

Langchain Helm Charts (prior to version 0.12.71) include a URL parameter injection vulnerability in LangSmith Studio that could exfiltrate a victim’s bearer token, user ID, and workspace ID to an attacker-controlled server when an authenticated LangSmith user clicks a malicious link. Affected dep...

8.5CVSS6AI score0.00292EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder