Lucene search
K

476 matches found

Cvelist
Cvelist
added 2026/04/02 2:45 p.m.24 views

CVE-2026-34797 Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01248EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 4:0 a.m.31 views

CVE-2026-5180 SourceCodester Simple Doctors Appointment System ajax.php sql injection

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS0.00325EPSS
Exploits0References5
CVE
CVE
added 2026/03/28 11:58 a.m.12 views

CVE-2016-20048

The CVE-2016-20048 entry concerns iSelect version 1.4.0-2+b1 that contains a local buffer overflow in the -k/--key parameter. An attacker can supply an oversized argument to overflow a 1024-byte stack buffer, enabling local code execution with the attacker’s privileges. The description details cr...

8.6CVSS6.7AI score0.00167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-23814

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 7:41 a.m.16 views

CVE-2026-4850

CVE-2026-4850 affects code-projects Simple Laundry System 1.0. Affected component: Parameter Handler, file /checkregisitem.php. Root cause: manipulation of the Long-arm-shirtVol argument enables SQL injection. Attack vector is remote; exploit publicly released. Multiple sources (NVD, CVE records,...

9.8CVSS6.8AI score0.00345EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/24 11:11 p.m.27 views

CVE-2026-4780 SourceCodester Sales and Inventory System HTTP GET Parameter update_out_standing.php sql injection

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file updateoutstanding.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carrie...

6.5CVSS0.00295EPSS
Exploits1References5
CVE
CVE
added 2026/03/24 11:27 a.m.11 views

CVE-2019-25632

CVE-2019-25632 affects phpFileManager 1.7.8. The vulnerability is a local file inclusion that lets unauthenticated attackers read arbitrary server files by manipulating the action, fm_current_dir, and filename parameters in index.php. Attackers can send crafted GET requests to index.php to access...

6.9CVSS5.9AI score0.00557EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:0 a.m.4 views

CVE-2024-46878

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

6.1AI score0.00195EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/03/19 10:16 p.m.4 views

WordPress Download Manager plugin <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ User Email Enumeration via 'user' Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Download Manager versions = 3.3.49...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/11 6:31 a.m.4 views

EUVD-2026-11080

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/03/05 12:20 p.m.10 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7.5CVSS6.7AI score0.01945EPSS
Exploits3References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

XHan Admin SQL注入漏洞

XHan Admin is a management system developed by Alixhan’s individual developers. Versions of XHan Admin prior to 1.7.0 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in files/frontend-api/system-service/api/system/role/query, specifically...

6.5CVSS6.7AI score0.00233EPSS
Exploits0References3
NVD
NVD
added 2026/02/17 4:20 p.m.8 views

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

8.8CVSS0.00478EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/15 1:58 p.m.5 views

EUVD-2019-19423

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/06 6:46 a.m.5 views

EUVD-2026-5613

The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplusbutton shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References4
NVD
NVD
added 2026/02/03 6:16 p.m.5 views

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

9.8CVSS0.00555EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

Itsourcecode Student Management System SQL Injection Vulnerability

itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of itsourcecode Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the...

9.8CVSS7.2AI score0.00437EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.14 views

CVE-2025-58095

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References1
CVE
CVE
added 2026/01/14 6:40 a.m.20 views

CVE-2025-14770

CVE-2025-14770 concerns the WordPress plugin Shipping Rate By Cities. Connected sources confirm an SQL Injection vulnerability introduced by insufficient escaping and underpreparation of the city parameter, affecting versions up to and including 2.0.0. The flaw allows unauthenticated attackers to...

7.5CVSS6.4AI score0.00278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 12:0 a.m.4 views

CVE-2025-67833

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

6.1CVSS5.4AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder