Lucene search
K

116 matches found

NVD
NVD
added 2026/04/06 10:16 p.m.6 views

CVE-2026-35448

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

3.7CVSS0.00318EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 9:16 p.m.4 views

CVE-2026-35472

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

6.1CVSS0.00224EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.6 views

CVE-2025-41355

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 8:48 a.m.23 views

CVE-2025-41355 Reflected Cross-Site Scripting on Anon Proxy Server

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 8:48 a.m.6 views

CVE-2025-41355

CVE-2025-41355 describes a reflected XSS in Anon Proxy Server v0.104. The vulnerability affects the /anon.php endpoint, specifically the port and proxyPort parameters, allowing an attacker to craft a malicious URL that executes JavaScript in the victim’s browser. Consequences include potential le...

6.1CVSS6AI score0.00194EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

niknah Anon Proxy Server 跨站脚本漏洞

Niknah Anon Proxy Server is a proxy server software provided by the Niknah company, offering anonymous network access and traffic forwarding capabilities. Version 0.104 of Anon Proxy Server contains a cross-site scripting vulnerability. This vulnerability stems from the lack of effective filterin...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the test.php debugging endpoint of the StripeYPT plugin, which could lead to arbitra...

6.5CVSS5.9AI score0.00281EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 1:31 p.m.3 views

CVE-2026-4815

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/20 8:57 p.m.4 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the test.php endpoint. An attacker can access internal network resources, probe open or closed ports, and retrieve content fro...

9.3CVSS5.9AI score0.00442EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.8 views

PT-2026-25965

A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar servidor curso lst.php of the component Endpoint. Performing a manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The explo...

5.1CVSS4.1AI score0.00191EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25522

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

8.8CVSS5.9AI score0.00358EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/11 6:23 p.m.5 views

CVE-2019-25471 FileThingie 2.5.7 Arbitrary File Upload via ft2.php

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, an...

9.8CVSS6AI score0.00903EPSS
Exploits1References3
CVE
CVE
added 2026/03/11 6:23 p.m.10 views

CVE-2019-25471

CVE-2019-25471 affects FileThingie 2.5.7. An arbitrary file upload vulnerability exists where ZIP archives sent to ft2.php can be unpacked to accessible directories, enabling upload and deployment of PHP shells and execution of arbitrary commands via extracted files. The underlying issue is an in...

9.8CVSS6AI score0.00903EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/22 1:18 p.m.5 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.1CVSS5.9AI score0.0031EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.5 views

FLIR Systems AX8 Cameras OS Command Injection (CVE-2022-37061)

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

9.8CVSS7.7AI score0.99618EPSS
Exploits11References14
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.9 views

PT-2026-8337

Name of the Vulnerable Software and Affected Versions tushar-2223 Hotel-Management-System versions up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 Description A security flaw exists in tushar-2223 Hotel-Management-System. The issue is related to SQL injection within the HTTP POST Request Handler...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.7 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/03 10:1 p.m.15 views

CVE-2020-37083

CVE-2020-37083 affects PHP AddressBook 9.0.0.1, where a time-based blind SQL injection is possible through the id parameter in photo.php. The underlying issue is a vulnerable SQL query that allows remote attackers to inject statements and cause time delays to deduce information. The documents spe...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.4 views

CVE-2020-37012

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

9.8CVSS6.7AI score0.00755EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/29 2:28 p.m.6 views

EUVD-2020-30917

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

8.2CVSS6AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder