Lucene search
K

926 matches found

Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.2 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.4 views

PT-2026-6886

Name of the Vulnerable Software and Affected Versions Bucketlister plugin for WordPress versions up to and including 0.1.5 Description The software contains a SQL Injection issue through the category and id attributes within its shortcode. Insufficient escaping of user-supplied parameters and...

6.5CVSS5.8AI score0.00217EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:41 p.m.5 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

3.5CVSS5.3AI score0.0016EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/06 4:41 p.m.13 views

CVE-2019-25303

The CVE-2019-25303 entry affects TheJshen ContentManagementSystem 1.04. It describes a SQL injection vulnerability exploitable via the GET parameter id, enabling boolean-based, time-based, and UNION-based techniques to extract or manipulate database information. The available documents consistent...

7.1CVSS5.7AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6462

Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

8.7CVSS6.2AI score0.00473EPSS
Exploits3References5
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.9 views

Group Office 参数注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained a parameter injection vulnerability. This vulnerability stemmed from the direct passing of the lang parameter to system commands, which coul...

9.4CVSS6.2AI score0.00799EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Symfony parameter injection vulnerability

Symfony is a PHP framework developed by Symfony Inc. for web and console applications, along with a set of reusable PHP components. Symfony has a parameter injection vulnerability, which arises from the Process component improperly handling special characters when escaping parameters on Windows,...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/23 3:21 p.m.5 views

CVE-2025-10024

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.11 views

WatchYourLAN parameter injection vulnerability

WatchYourLAN is a lightweight network IP scanner developed by Andrew Erlikh individually using Go language. WatchYourLAN has a parameter injection vulnerability; this vulnerability arises from the lack of validation for the string provided by the user when processing the arpstrs parameter, which...

8.8CVSS7.6AI score0.00665EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 12:15 p.m.7 views

CVE-2025-10024

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 11:45 a.m.1 views

CVE-2025-10024

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 11:45 a.m.3 views

CVE-2025-10024 IDOR in EXERT Computer Technologies' Education Management System

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 11:45 a.m.12 views

CVE-2025-10024

Technical details about CVE-2025-10024 are not publicly provided in the supplied documents; no affected versions, root cause, or remediation are stated. Monitor for updates from vendors and security advisories.

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/22 11:45 a.m.3 views

EUVD-2026-4166

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/22 11:45 a.m.25 views

CVE-2025-10024 IDOR in EXERT Computer Technologies' Education Management System

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025...

7.5CVSS0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

EXERT Education Management System has a security vulnerability

EXERT Education Management System is a comprehensive education management software developed by the Turkish company EXERT. The version 23.09.2025 and earlier of the EXERT Education Management System contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-3926

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...

7.5CVSS5.4AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.8 views

GNU Inetutils 参数注入漏洞

GNU InetUtils telnetd is a telnet service daemon in the GNU InetUtils suite that listens on TCP port 23 and provides clients with plaintext terminal access based on the Telnet protocol. A remote authentication bypass vulnerability exists in GNU InetUtils Telnetd, which can be exploited to bypass...

9.8CVSS7.4AI score0.98871EPSS
Exploits61References7
Hacker One
Hacker One
added 2026/01/20 9:29 p.m.11 views

Weblate: Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate

A vulnerability was discovered in the SSH management interface of Weblate, a web-based translation tool. The vulnerability allowed an attacker with administrative privileges to inject command-line arguments into the host parameter, leading to sensitive file disclosure on the server. The vulnerabl...

9.1CVSS5.4AI score0.00447EPSS
Exploits3
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS0.00554EPSS
Exploits1References4
Rows per page
Query Builder