116 matches found

Cvelist
added 2026/01/29 2:28 p.m. | 41 views

CVE-2020-37006 berliCRM 1.0.24 - 'src_record' SQL Injection

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

CVSS 8.2 | EPSS 0.00278
Exploits: 0 | References: 3
CNNVD
added 2026/01/29 12:0 a.m. | 8 views

BerliCRM SQL Injection Vulnerability

berliCRM is a customer management system developed by the German company berliCRM. Version 1.0.24 of berliCRM contains a SQL injection vulnerability. This vulnerability stems from the src_record parameter in the index.php endpoint, which may lead to manipulation of database queries...

CVSS 8.2 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/17 8:27 p.m. | 7 views

CVE-2026-23727

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControl...

CVSS 6.1 | AI score 6.8 | EPSS 0.0018
Exploits: 1 | References: 1
ATTACKERKB
added 2026/01/16 7:47 p.m. | 5 views

CVE-2026-23729

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and...

CVSS 6.1 | AI score 5.6 | EPSS 0.00212
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/01/16 7:41 p.m. | 25 views

CVE-2026-23727

WeGIA is vulnerable to an Open Redirect in the /WeGIA/controle/control.php endpoint, exploitable via the nextPage parameter when paired with metodo=listarTodos and nomeClasse=TipoSaidaControle. The app does not validate/restrict nextPage, allowing attackers to redirect users to arbitrary external...

CVSS 6.1 | AI score 6.4 | EPSS 0.0018
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/01/16 7:40 p.m. | 2 views

CVE-2026-23726

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...

CVSS 6.1 | AI score 5.6 | EPSS 0.00212
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/01/16 7:40 p.m. | 19 views

CVE-2026-23726

The CVE-2026-23726 issue affects WeGIA, a web manager for charitable institutions. Affected component is the /WeGIA/controle/control.php endpoint, where the nextPage parameter (used with metodo=listarTodos and nomeClasse=TipoEntradaControle) is not validated or restricted, enabling open redirects...

CVSS 6.1 | AI score 6.4 | EPSS 0.00212
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/01/09 9:17 a.m. | 20 views

CVE-2025-23038

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the remuneracao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into th...

CVSS 6.4 | AI score 5.4 | EPSS 0.00273
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/18 11:36 p.m. | 5 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8 | AI score 8 | EPSS 0.0051
Exploits: 1 | References: 1
Vulnrichment
added 2025/12/17 10:44 p.m. | 5 views

CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8 | AI score 7.6 | EPSS 0.0051
Exploits: 1 | References: 3
CVE
added 2025/12/17 10:44 p.m. | 19 views

CVE-2023-53926

CVE-2023-53926 affects PHPJabbers Simple CMS 5.0. A SQL injection in the 'column' parameter of the index.php endpoint can allow remote attackers to manipulate queries and potentially extract or modify database information. The vulnerability is documented across multiple sources (including RH, NVD...

CVSS 9.8 | AI score 7.6 | EPSS 0.0051
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/12/17 10:44 p.m. | 3 views

CVE-2023-53909 WBCE CMS 1.6.1 SVG File Content Cross-Site Scripting

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

CVSS 5.4 | AI score 5.8 | EPSS 0.00267
Exploits: 1 | References: 3
EUVD
added 2025/12/16 6:31 p.m. | 5 views

EUVD-2025-203804

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

CVSS 10 | AI score 8.4 | EPSS 0.01624
Exploits: 1 | References: 4
CVE
added 2025/12/16 12:0 a.m. | 19 views

CVE-2025-63414

CVE-2025-63414 describes a Path Traversal in Allsky WebUI v2024.12.06_06 that allows unauthenticated remote command execution via /html/execute.php with a crafted id payload, leading to full remote code execution. The issue is confirmed across multiple sources (Red Hat CVE entry, EUVD/ENISA entry...

CVSS 10 | AI score 8.5 | EPSS 0.01624
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/12/15 8:28 p.m. | 4 views

CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

CVSS 9.3 | AI score 8 | EPSS 0.0107
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/10 5:17 p.m. | 6 views

CVE-2025-63737

Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

CVSS 6.1 | AI score 6 | EPSS 0.00215
Exploits: 1 | References: 1
Cvelist
added 2025/12/09 12:0 a.m. | 23 views

CVE-2025-63737

Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

EPSS 0.00215
Exploits: 1 | References: 1
Positive Technologies
added 2025/11/26 12:0 a.m. | 6 views

PT-2025-48114

Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. Description: The software is susceptible to a SQL injection issue through the status sql.php endpoint. The endpoint...

CVSS 7.2 | AI score 7.3 | EPSS 0.00268
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/26 12:0 a.m. | 4 views

PT-2025-48158

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

AI score 8.4 | EPSS 0.00392
Exploits: 1 | References: 4
Vulnrichment
added 2025/11/18 12:0 a.m. | 4 views

CVE-2025-63229

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's...

AI score 6 | EPSS 0.00237
Exploits: 1 | References: 2