Lucene search
K

476 matches found

Debian
Debian
added 2026/01/10 12:46 p.m.27 views

[SECURITY] [DLA 4434-1] sogo security update

Debian LTS Advisory DLA-4434-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 06, 2026 https://wiki.debian.org/LTS Package : sogo Version : 5.0.1-4+deb11u3 CVE ID : CVE-2024-34462 CVE-2025-63499 Debian Bug : 1071163 1121952 Several XSS vulnerabiltiies have...

6.1CVSS6.3AI score0.00345EPSS
Exploits2
Cvelist
Cvelist
added 2026/01/08 11:32 p.m.26 views

CVE-2026-0732 D-Link DI-8200G upgrade_filter.asp command injection

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgradefilter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS0.09953EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.5 views

PT-2026-1802

Name of the Vulnerable Software and Affected Versions Asseco ADMX versions prior to 6.09.01.62 Description The Asseco ADMX system, used for processing medical records, allows authenticated users to access medical files belonging to other users. This is achieved by manipulating GET arguments...

5.3CVSS6AI score0.00281EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/02 8:38 p.m.5 views

EUVD-2026-0028

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue...

8.6CVSS7.9AI score0.01228EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Binary MLM Woocommerce plugin <= 2.0 - Reflected Cross-Site Scripting via 'page' vulnerability

Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Binary MLM Woocommerce versions = 2.0...

6.1CVSS5.4AI score0.00327EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/12/25 12:0 a.m.2 views

ChurchCRM eGive.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the MissingEgiveFamID parameter in the eGive.php file. No detailed vulnerability details are provided at this...

7.2CVSS5.9AI score0.00315EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/14 12:0 a.m.4 views

itsourcecode Online Cake Ordering System SQL注入漏洞

itsourcecode Online Cake Ordering System is an online cake ordering system of itsourcecode open source. A SQL injection vulnerability exists in version 1.0 of itsourcecode Online Cake Ordering System, which stems from incorrect manipulation of the parameter ID in the file /admindetail.php, which...

9.8CVSS7.7AI score0.00333EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/10 8:39 p.m.3 views

CVE-2025-65950 WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

9.4CVSS7.2AI score0.00462EPSS
Exploits3References3
EUVD
EUVD
added 2025/12/05 5:17 p.m.4 views

EUVD-2020-30826

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

8.7CVSS5.9AI score0.00303EPSS
Exploits1References4
CVE
CVE
added 2025/12/05 5:31 a.m.20 views

CVE-2025-13625

CVE-2025-13625 pertains to the WP-SOS-Donate Donation Sidebar Plugin for WordPress. Wordfence details a Reflected Cross-Site Scripting flaw that affects all versions up to and including 0.9.2, caused by insufficient input sanitization and output escaping of the $_SERVER['PHP_SELF'] parameter. The...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-12743

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

6CVSS7.3AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/19 4:2 p.m.9 views

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

7.2CVSS7.9AI score0.00353EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/06 9:46 p.m.5 views

EUVD-2025-37862

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS6.2AI score0.00289EPSS
Exploits0References3
CVE
CVE
added 2025/11/01 1:47 a.m.16 views

CVE-2025-11922

CVE-2025-11922: Inactive Logout for WordPress

6.4CVSS4.7AI score0.00218EPSS
Exploits0References5
NVD
NVD
added 2025/10/28 1:16 a.m.4 views

CVE-2025-12336

A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminindex.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is...

9.8CVSS0.00437EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/13 9:31 p.m.6 views

EUVD-2025-34077

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.5 views

school-management-system 代码问题漏洞

school-management-system is a school management system developed in PHP for schools or small organizations by Shubham kumar individual developer. A code issue vulnerability exists in school-management-system, which stems from incorrect manipulation of the parameter File in the file...

9.8CVSS7.6AI score0.00535EPSS
Exploits1References4
CVE
CVE
added 2025/10/08 4:32 a.m.13 views

CVE-2025-11432

CVE-2025-11432 affects itsourcecode Leave Management System 1.0. The vulnerability is in the /reset.php file where manipulating the employid parameter enables an SQL injection. The attack can be performed remotely and the exploit is publicly available. Multiple connected sources corroborate the i...

9.8CVSS7.2AI score0.00441EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/10/07 11:32 p.m.12 views

CVE-2025-11417 Campcodes Advanced Online Voting Management System voters_add.php unrestricted upload

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...

6.5CVSS0.00299EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 1:55 p.m.5 views

EUVD-2025-32863

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS7.3AI score0.04229EPSS
Exploits1References2
Rows per page
Query Builder