
105518 matches found

Snyk
added 2026/04/29 9:10 p.m., 4 views

SQL Injection

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to SQL Injection via the row:search and row:get operations in the SeaTable node when user-controlled input is passed through expressions into the searchTerm or rowId parameters. An attacker can access...

CVSS 8.8, AI score 5.9, EPSS 0.00342
Exploits 0, References 2

RedhatCVE
added 2026/04/29 8:48 p.m., 7 views

CVE-2026-7295

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

CVSS 4.8, AI score 3.1, EPSS 0.00206
Exploits 0, References 1

RedhatCVE
added 2026/04/29 8:48 p.m., 5 views

CVE-2026-41461

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers...

CVSS 8.5, AI score 5.6, EPSS 0.00302
Exploits 1, References 1

RedhatCVE
added 2026/04/29 8:48 p.m., 9 views

CVE-2026-7241

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

CVSS 10, AI score 8.2, EPSS 0.02448
Exploits 0, References 1

NVD
added 2026/04/29 8:16 p.m., 8 views

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVSS 7.1, EPSS 0.00596
Exploits 0, References 3

NVD
added 2026/04/29 8:16 p.m., 6 views

CVE-2018-25300

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVSS 8.8, EPSS 0.00323
Exploits 0, References 3

CVE
added 2026/04/29 7:25 p.m., 9 views

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 is affected by an authenticated directory traversal vulnerability. An authenticated attacker can disclose arbitrary files by injecting path traversal sequences into the ID parameter when issuing requests to downloadsys.pl, download_xml.pl, download.pl, ...

CVSS 7.1, AI score 5.9, EPSS 0.00596
Exploits 0, References 3

Vulnrichment
added 2026/04/29 7:25 p.m., 5 views

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVSS 7.1, AI score 5.9, EPSS 0.00596
Exploits 0, References 3

Cvelist
added 2026/04/29 7:25 p.m., 36 views

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVSS 7.1, EPSS 0.00596
Exploits 0, References 3

ATTACKERKB
added 2026/04/29 7:25 p.m., 7 views

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVSS 7.1, AI score 5.9, EPSS 0.00596
Exploits 0, References 3, Affected Software 1

EUVD
added 2026/04/29 7:24 p.m., 8 views

EUVD-2018-21821

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVSS 8.8, AI score 5.7, EPSS 0.00323
Exploits 0, References 3

Cvelist
added 2026/04/29 7:24 p.m., 31 views

CVE-2018-25300 XATABoost CMS 1.0.0 SQL Injection via news.php

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVSS 8.8, EPSS 0.00323
Exploits 0, References 3

NVD
added 2026/04/29 6:16 p.m., 4 views

CVE-2026-7394

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

CVSS 5.8, EPSS 0.00244
Exploits 1, References 5

ATTACKERKB
added 2026/04/29 5:15 p.m., 2 views

CVE-2026-7394

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

CVSS 5.8, AI score 5, EPSS 0.00244
Exploits 1, References 5, Affected Software 1

EUVD
added 2026/04/29 5:15 p.m., 5 views

EUVD-2026-26266

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

CVSS 5.8, AI score 5, EPSS 0.00244
Exploits 1, References 5

Snyk
added 2026/04/29 4:24 p.m., 7 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the filter parameter in multiple endpoints, leveraging the MongoLite $func operator. An attacker can execute arbitrary system commands by supplying crafted input to the affected endpoints. Remediation: Upgrad...

CVSS 9.8, AI score 6.1, EPSS 0.00426
Exploits 0, References 2

NVD
added 2026/04/29 4:16 p.m., 6 views

CVE-2026-7389

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

CVSS 7.5, EPSS 0.00259
Exploits 0, References 4

NVD
added 2026/04/29 4:16 p.m., 7 views

CVE-2025-56537

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter...

CVSS 6.1, EPSS 0.00185
Exploits 3, References 2

NVD
added 2026/04/29 4:16 p.m., 4 views

CVE-2025-56536

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

CVSS 6.1, EPSS 0.00185
Exploits 3, References 2

ATTACKERKB
added 2026/04/29 3:45 p.m., 4 views

CVE-2026-7390

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

CVSS 5.1, AI score 3.5, EPSS 0.00195
Exploits 0, References 5, Affected Software 1