93385 matches found

Packet Storm
added 2026/02/24 12:0 a.m. | 124 views

📄 SPIP Saisies 5.11.0 Remote Code Execution

Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...

CVSS 9.8 | AI score 6.1 | EPSS 0.05126
Exploits: 5

Redos
added 2026/02/24 12:0 a.m. | 7 views

ROS-20260224-73-0012

Vulnerability in php-itop related to a flaw in the authorization mechanism. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 8.7 | AI score 5.5 | EPSS 0.00269
Exploits: 0

CVE
added 2026/02/23 11:2 p.m. | 14 views

CVE-2026-3042

The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...

CVSS 9.8 | AI score 7.3 | EPSS 0.00425
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/02/23 7:32 p.m. | 9 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 9.8 | AI score 7.1 | EPSS 0.05403
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/23 1:30 p.m. | 4 views

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

CVSS 8.8 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/23 1:30 p.m. | 6 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5 | AI score 5.7 | EPSS 0.0031
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/23 1:30 p.m. | 6 views

CVE-2019-25452

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...

CVSS 8.8 | AI score 6 | EPSS 0.00373
Exploits: 1 | References: 1

Patchstack
added 2026/02/23 10:20 a.m. | 8 views

WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Kingler versions <= 1.7...

CVSS 9.8 | AI score 5.5 | EPSS 0.00375
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/23 9:25 a.m. | 25 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.

Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have also been addressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details: CVEID: CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...

CVSS 8.6 | AI score 8.6 | EPSS 0.13204
Exploits: 6 | Affected Software: 1

Positive Technologies
added 2026/02/23 12:0 a.m. | 7 views

PT-2026-21576

Name of the Vulnerable Software and Affected Versions: itsourcecode Event Management System version 1.0. Description: A SQL injection issue exists in itsourcecode Event Management System version 1.0. Remote attackers can exploit this by manipulating the ID argument in the /admin/index.php file. The...

CVSS 9.8 | AI score 7.1 | EPSS 0.00425
Exploits: 1 | References: 11

CNNVD
added 2026/02/23 12:0 a.m. | 7 views

PideTuCita cross-site scripting vulnerability

PideTuCita is an online scheduling and queuing management platform owned by the Spanish company PideTuCita. PideTuCita has a cross-site scripting vulnerability, which stems from improper handling of the cookies/indes.php endpoint. This vulnerability could allow attackers to execute JavaScript cod...

CVSS 5.1 | AI score 5.8 | EPSS 0.00419
Exploits: 0 | References: 1

Packet Storm
added 2026/02/23 12:0 a.m. | 134 views

📄 SuiteCRM 7.11.18 Log File Remote Code Execution

SuiteCRM version 7.11.18 allows modification of the logging configuration. The log filename extension is not validated properly (.pHp is accepted), causing the log to be interpreted as PHP. The attacker then injects a PHP payload into the logs by changing the username lastname field, resulting in the log file...

CVSS 9 | AI score 5.6 | EPSS 0.64094
Exploits: 11

NVD
added 2026/02/22 2:16 p.m. | 7 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 9.8 | EPSS 0.05403
Exploits: 1 | References: 4

NVD
added 2026/02/22 2:16 p.m. | 9 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5 | EPSS 0.0031
Exploits: 1 | References: 2

OSV
added 2026/02/22 2:16 p.m. | 6 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5 | AI score 6.1
Exploits: 0 | References: 2

OSV
added 2026/02/22 2:16 p.m. | 2 views

UBUNTU-CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5 | AI score 6 | EPSS 0.0031
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/22 2:2 p.m. | 5 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 7.5 | AI score 5.4 | EPSS 0.05403
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/22 1:18 p.m. | 5 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.1 | AI score 5.9 | EPSS 0.0031
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/22 1:18 p.m. | 6 views

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

CVSS 8.8 | AI score 6 | EPSS 0.00232
Exploits: 0 | References: 2

CVE
added 2026/02/22 1:18 p.m. | 11 views

CVE-2019-25443

Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...

CVSS 8.8 | AI score 6.3 | EPSS 0.00232
Exploits: 0 | References: 2