Lucene search
K

690 matches found

OSV
OSV
added 2026/01/14 12:31 a.m.5 views

GHSA-R7VR-WG3F-8HR9 Concrete5 CMS contains an XPath injection vulnerability

Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...

9.8CVSS7.2AI score0.00049EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.7 views

PT-2026-2392

Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description The application contains a file upload issue that allows administrators with authentication to overwrite server files using the Media Manager import functionality. Specifically, attackers can manipulate the...

8.8CVSS6.9AI score0.00804EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.5 views

CVE-2021-31894

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.X All versions V9.1 SP2, SIMATIC PDM All versions V9.2 SP2, SIMATIC STEP 7 V5.X All versions V5.7, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 SP2 HF1. A directory containing...

8.8CVSS6.9AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:5 a.m.7 views

CVE-2019-20059

paymentmanage.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL...

8.8CVSS7AI score0.01089EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.9 views

CVE-2023-29152

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...

8.1CVSS6.9AI score0.00447EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.3 views

Area9 Rhapsode 安全漏洞

Area9 Rhapsode is an adaptive learning platform from Area9 USA. A security vulnerability exists in Area9 Rhapsode version 1.47.3, which stems from improper parameter manipulation and could lead to arbitrary file reads...

6.5CVSS6.7AI score0.0033EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.7 views

milvus 代码问题漏洞

milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. A code issue vulnerability exists in milvus version 2.6.7 and earlier, which stems from the incorrect manipulation of the parameter code of the function expr.Exec in the file pkg/util/expr/expr.go of the...

6.5CVSS6.4AI score0.00316EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.4 views

Code-Projects Online Product Reservation System SQL注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A SQL injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from incorrect manipulation of the parameter id/qty in the file...

9.8CVSS6.9AI score0.00315EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.5 views

Code-Projects Online Music Site SQL注入漏洞

Code-Projects Online Music Site is an open source online music site by Code-Projects. A SQL injection vulnerability exists in Code-Projects Online Music Site version 1.0, which stems from incorrect manipulation of the parameter ID in the file /Frontend/ViewSongs.php, which could lead to a SQL...

9.8CVSS7.6AI score0.00333EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.3 views

newbee-mall-plus 安全漏洞

newbee-mall-plus is an open source e-commerce system by newbee-ltd. A security vulnerability exists in version 2.0.0 of newbee-mall-plus, which stems from the incorrect manipulation of the parameter File in the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java, which coul...

7.2CVSS5.7AI score0.00346EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.3 views

Code-Projects Refugee Food Management System SQL注入漏洞

Code-Projects Refugee Food Management System is an open source refugee food management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, which stems from incorrect manipulation of the parameters a/b/c/d in the file...

9.8CVSS6.9AI score0.00309EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2025/12/26 1:2 a.m.4 views

CVE-2025-15093

A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...

6.1CVSS3.9AI score0.00365EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/25 12:0 a.m.5 views

PT-2025-53388

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0 that allows for remote SQL injection. The issue is located in the file /list report.php and involves manipulation of the...

9.8CVSS7.1AI score0.0033EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.4 views

Tenda WH450 安全漏洞

Tenda WH450 is a wireless access point from Tenda China. A security vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from an incorrect manipulation of the parameter page in the file /goform/NatStaticSetting, which could result in a stack buffer overflow...

10CVSS9.7AI score0.00991EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.4 views

Code-Projects Scholars Tracking System 安全漏洞

Code-Projects Scholars Tracking System is an open source scholars tracking system by Code-Projects. A security vulnerability exists in Code-Projects Scholars Tracking System version 1.0, which stems from an incorrect manipulation of the parameter postcontent in the file /home.php, which could lea...

9.8CVSS7.8AI score0.00326EPSS
Exploits1References6
OSV
OSV
added 2025/12/17 10:15 p.m.7 views

CVE-2025-14832

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...

9.8CVSS5.8AI score0.00326EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/17 9:30 p.m.5 views

EUVD-2025-203925

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

4.3CVSS5.3AI score0.00288EPSS
Exploits0References5
NVD
NVD
added 2025/12/17 7:16 p.m.7 views

CVE-2025-14081

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

4.3CVSS0.00288EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/17 6:21 p.m.4 views

CVE-2025-14081 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

4.3CVSS5.3AI score0.00288EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

WordPress plugin Ultimate Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.4AI score0.00288EPSS
Exploits0References4
Rows per page
Query Builder