Lucene search
K

476 matches found

CVE
CVE
added 2025/08/26 2:2 a.m.22 views

CVE-2025-9440

CVE-2025-9440 affects 1000projects Online Project Report Submission and Evaluation System 1.0. A vulnerable function is in /admin/add_title.php, where manipulating the Title argument permits cross-site scripting. The issue is exploitable remotely and publicly disclosed. Multiple connected sources...

6.1CVSS6.6AI score0.00322EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/08/26 1:2 a.m.26 views

CVE-2025-9434

The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...

6.1CVSS6.5AI score0.00337EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/08/26 1:2 a.m.12 views

CVE-2025-9434 1000projects Online Project Report Submission and Evaluation System edit_title.php cross site scripting

A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...

5.3CVSS0.00337EPSS
Exploits1References4
NVD
NVD
added 2025/08/25 3:15 p.m.3 views

CVE-2024-46413

Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery SSRF via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex method...

5.1CVSS0.0025EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.3 views

PT-2025-34653 · Unknown · Rebuild 3.7.7

Name of the Vulnerable Software and Affected Versions: Rebuild version 3.7.7 Description: The software contains a Server-Side Request Forgery SSRF issue. This occurs through the type parameter within the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex function. Recommendations: Updat...

5.1CVSS6.6AI score0.0025EPSS
Exploits1References4
CVE
CVE
added 2025/08/25 12:0 a.m.15 views

CVE-2024-46413

CVE-2024-46413 concerns Rebuild v3.7.7, where the SSRF vulnerability is triggered via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex function. The issue originates in the RBStoreController loadDataIndex path and exposes the system to server-side requests t...

5.1CVSS7.6AI score0.0025EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/08/21 4:46 p.m.18 views

CVE-2025-57762

CVE-2025-57762 : WeGIA, a web manager for charitable institutions, is vulnerable to a Stored Cross-Site Scripting (XSS) in the endpoint dependente_docdependente.php via the nome parameter. The vulnerability is triggered when untrusted input is stored on the server and later executed automatically...

6.4CVSS5.4AI score0.00231EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

WeGIA 安全漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.4.7, which stems from the presence of stored cross-site scripting in the nome parameter in the dependentedocdependente.php endpoint, which coul...

6.4CVSS6AI score0.00231EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/20 9:2 p.m.7 views

CVE-2025-9248 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_pingGatewayByBBS stack-based overflow

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RPpingGatewayByBBS of the file /goform/RPpingGatewayByBBS. The manipulation of the argument ssidhex results in...

9CVSS7.3AI score0.00866EPSS
Exploits1References5
NVD
NVD
added 2025/08/16 4:15 a.m.6 views

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...

8.8CVSS0.00693EPSS
Exploits0References2
CVE
CVE
added 2025/08/16 3:38 a.m.16 views

CVE-2024-8393

CVE-2024-8393 / CVE-2024-8393 (Woocommerce Blocks – Woolook) affects the WordPress plugin “Woocommerce Blocks – Woolook” up to version 1.7.0. The underlying issue is a Local File Inclusion via the tab parameter, exploitable by authenticated users with Administrator-level access and above, potenti...

6.6CVSS7.9AI score0.00638EPSS
Exploits0References2
CVE
CVE
added 2025/08/16 3:38 a.m.28 views

CVE-2025-6221

CVE-2025-6221 affects the WordPress plugin Embed Bokun (≤0.23). Affected component: the align parameter; vulnerability type: Stored Cross‑Site Scripting . Conditions: authenticated attackers with at least Contributor rights can inject scripts that execute when any user visits the affected page. R...

6.4CVSS5.8AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.11 views

PT-2025-33439 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A vulnerability was identified in the processing of the file /admin/sms setting.php. Manipulation of the uname argument leads to a SQL injection. The attack may be...

9.8CVSS7.4AI score0.00387EPSS
Exploits1References11
Cvelist
Cvelist
added 2025/08/14 6:2 a.m.12 views

CVE-2025-8946 projectworlds Online Notes Sharing Platform login.php sql injection

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

7.5CVSS0.00387EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.10 views

PHPGurukul Teachers Record Management System 注入漏洞

Teachers Record Management System is a teacher record management system. The Teachers Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search.php. An...

9.8CVSS8.2AI score0.00384EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/12 7:1 p.m.2 views

CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...

10CVSS6.6AI score0.01552EPSS
Exploits1References3
OSV
OSV
added 2025/07/31 8:15 a.m.5 views

CVE-2025-8372

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/updates7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit h...

9.8CVSS5.8AI score0.00399EPSS
Exploits1References5
CNVD
CNVD
added 2025/07/25 12:0 a.m.5 views

Art Gallery Management System edit-art-medium-detail.php File Cross-Site Scripting Vulnerability

Art Gallery Management System is an art gallery management system. Art Gallery Management System has a cross-site scripting vulnerability , the vulnerability stems from the /admin/edit-art-medium-detail.php file artmed parameter for the user to provide data lack of effective filtering and escapin...

5.4CVSS6.4AI score0.00234EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/21 12:0 a.m.5 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

6.8AI score0.04732EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/17 12:0 a.m.6 views

Beakon Learning Management System Sharable Content Object Reference Model 安全漏洞

Beakon Learning Management System Sharable Content Object Reference Model is a learning management system from Beakon Australia. A security vulnerability exists in Beakon Learning Management System Sharable Content Object Reference Model version V.5.4.3, which stems from mishandling of URL...

5.4CVSS5.9AI score0.00251EPSS
Exploits1References4
Rows per page
Query Builder