
925 matches found

OSV
added 2024/09/27 12:0 a.m. · 1 views

UBUNTU-CVE-2024-8926

Bypass of CVE-2024-4577, Parameter Injection Vulnerability...

CVSS 8.8 · AI score 6.7 · EPSS 0.03686
Exploits 65 · References 4

FreeBSD
added 2024/09/26 12:0 a.m. · 26 views

php -- Multiple vulnerabilities

php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp cgi.force_redirect configuration is bypassable due to the environment variable collision. CVE-2024-9026: FPM: Fixed bug...

CVSS 8.8 · AI score 10 · EPSS 0.03686
Exploits 68 · References 1

CNNVD
added 2024/09/25 12:0 a.m. · 7 views

Perforce Helix Core security vulnerability

Perforce Helix Core is a scalable and secure version control system from Perforce. A security vulnerability exists in Perforce Helix Core prior to version 2024.1 Patch 2, which stems from the best fit parameter containing a parameter injection vulnerability...

CVSS 5.8 · AI score 7.1 · EPSS 0.00199
Exploits 0 · References 2

Packet Storm
added 2024/09/25 12:0 a.m. · 289 views

ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

CVSS 9.8 · AI score 7.4 · EPSS 0.0136
Exploits 2

CVE
added 2024/08/29 9:20 a.m. · 59 views

CVE-2024-29731

CVE-2024-29731 corresponds to a SQL injection vulnerability in SportsNET 4.0.1. The issue affects the vulnerable API endpoint /app/ax/checkBlindFields/ and can be exploited via crafted input in the parameters idChallenge and idEmpresa to retrieve, update, or delete all database information. Multi...

CVSS 9.8 · AI score 9.9 · EPSS 0.00408
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/08/27 12:0 a.m. · 8 views

Hitachi Energy MicroSCADA X SYS600 parameter injection vulnerability

Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. The Hitachi Energy MicroSCADA X SYS600 suffers from a paramet...

CVSS 9.9 · AI score 9 · EPSS 0.00611
Exploits 0 · References 2

CNNVD
added 2024/08/21 12:0 a.m. · 4 views

Mini Inventory and Sales Management System security vulnerability

Mini Inventory and Sales Management System is a small inventory and sales management system written in PHP CodeIgniter framework that supports MySQL and Sqlite3 databases. A security vulnerability exists in Mini Inventory and Sales Management System. An attacker can exploit this vulnerability to...

CVSS 5.4 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 2

Positive Technologies
added 2024/08/19 12:0 a.m. · 10 views

PT-2024-38702 · Unknown · Itsourcecode Project Expense Monitoring System

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical vulnerability was found in the itsourcecode Project Expense Monitoring System. This issue affects the file printtransfer.php and is related to the manipulation...

CVSS 9.8 · AI score 7.5 · EPSS 0.00612
Exploits 1 · References 10

OSV
added 2024/08/15 1:15 a.m. · 4 views

CVE-2024-7808

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 4

CNNVD
added 2024/08/13 12:0 a.m. · 4 views

Mitel 6800 Series, 6900 Series and 6900w Series security vulnerability

Mitel 6800 Series and others are a series of phones from Mitel Canada. A security vulnerability exists in the Mitel 6800 Series, 6900 Series, and 6900w Series that stems from an insufficient parameter cleanup vulnerability that allows an attacker to conduct a parameter injection attack, which cou...

CVSS 6.8 · AI score 7.7 · EPSS 0.00549
Exploits 0 · References 3

CNNVD
added 2024/08/12 12:0 a.m. · 6 views

Multiple Mitel products security vulnerability

Mitel 6800 Series and others are a series of phones from Mitel Canada. A security vulnerability exists in various Mitel products that stems from insufficient parameter cleanup during the SIP Phones startup process, which allows an authenticated attacker with administrative privileges to conduct a...

CVSS 7.2 · AI score 9.1 · EPSS 0.4161
Exploits 3 · References 4

Veracode
added 2024/07/04 11:48 a.m. · 11 views

Parameter Injection

zend-mail is vulnerable to Parameter Injection. The vulnerability is due to unsanitized additional quote characters within an address in the file Sendmail.php, which allows an attacker to inject arbitrary parameters to the system sendmail program...

AI score 7
Exploits 0

CNNVD
added 2024/07/04 12:0 a.m. · 3 views

Gogs Security Breach

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0 and earlier...

CVSS 7.7 · AI score 7.2 · EPSS 0.00689
Exploits 1 · References 3

CNNVD
added 2024/07/04 12:0 a.m. · 5 views

Gogs Security Breach

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0 and earlier...

CVSS 9.9 · AI score 7.2 · EPSS 0.1718
Exploits 1 · References 3

CNNVD
added 2024/07/04 12:0 a.m. · 4 views

Gogs Security Breach

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...

CVSS 9.9 · AI score 8.2 · EPSS 0.07258
Exploits 3 · References 6

Veracode
added 2024/06/19 10:42 a.m. · 8 views

Parameter Injection

zendframework/zendframework is vulnerable to Parameter Injection. The vulnerability is due to the way Zend\Mvc\Router\Http\Query captures any query parameters into the RouteMatch, allowing these parameters to override already captured routing parameters and bypass constraints defined in parent...

AI score 7.1
Exploits 0

CNNVD
added 2024/06/10 12:0 a.m. · 4 views

Pandora Security Breach

Pandora is an analytics framework for discovering if a file is suspicious and displaying the results conveniently. A security vulnerability exists in Pandora FMS versions 700 through prior to 777 that stems from the presence of a parameter injection that allows an unauthenticated attacker to...

CVSS 9.8 · AI score 8.1 · EPSS 0.00913
Exploits 0 · References 2

OSV
added 2024/06/07 8:15 p.m. · 6 views

GHSA-JQ87-2WXP-8349 ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`

In Zend Framework 2, Zend\Mvc\Router\Http\Query is used primarily to allow appending query strings to URLs when assembled. However, due to the fact that it captures any query parameters into the RouteMatch, and the fact that RouteMatch parameters are merged with any parent routes, this can lead t...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 5

Tenable Nessus
added 2024/06/03 12:0 a.m. · 34 views

RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Unsafe deserialization due to incomplete black list incomplete fix for CVE-2017-15095...

CVSS 9.8 · AI score 8.8 · EPSS 0.49727
Exploits 4 · References 6

OSV
added 2024/05/16 11:15 a.m. · 6 views

CVE-2024-4385

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...

CVSS 5.4 · AI score 5.9 · EPSS 0.00342
Exploits 0 · References 7