Lucene search
K

1408 matches found

Nuclei
Nuclei
added 13 hours ago35 views

St. Joe ERP system - SQL Injection

A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...

9.8CVSS6.3AI score0.02899EPSS
Exploits1References2
NVD
NVD
added yesterday7 views

CVE-2026-56360

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data...

6.3CVSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-14634

Summary (CVE-2026-14634) The vulnerability exists in kirilkirkov’s Ecommerce-CodeIgniter-Bootstrap (up to commit 213babdbaa949e94557246414db0130e01394517) and affects the function checkForPostRequests in the file application/core/MY_Controller.php for the Subscribed Emails Admin Page. Manipulatio...

5.3CVSS4.1AI score0.00288EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

next.js: Next.js: Denial of Service via crafted POST requests to server actions

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

7.5CVSS6AI score0.00509EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/30 2:28 p.m.9 views

CVE-2026-53433

A flaw was found in fzf, a command-line fuzzy finder. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a crafted POST request with many small segments to the --listen mode. The inefficient HTTP body processing, which uses repeated string concatenation, leads...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 1:19 p.m.9 views

UBUNTU-CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS5.7AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 5:18 p.m.7 views

EUVD-2026-40164

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

8.5CVSS5.8AI score0.00239EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.29 views

CVE-2026-56357 n8n - Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhoo...

6.3CVSS0.00186EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 7:17 p.m.8 views

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:41 p.m.7 views

CVE-2017-20277

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score0.00253EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:43 a.m.7 views

Malicious code in metrics-probe-64b2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/15 5:15 p.m.7 views

MAL-2026-5787 Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49578

Name of the Vulnerable Software and Affected Versions React Router version 7 Description Insufficient Cross-Site Request Forgery CSRF checks in Framework Mode allow bypasses when using 'PUT', 'PATCH', or 'DELETE' requests, as the checks were primarily applied to 'POST' requests. CSRF is a type of...

3.1CVSS5.8AI score0.00106EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 4:5 p.m.36 views

CVE-2026-49955

Hermes WebUI vulnerable before version 0.51.270 to resource exhaustion via the passkey/options endpoint. Unauthenticated remote attackers can degrade availability by repeatedly posting to the authentication endpoint, causing unbounded growth of the challenge store and high CPU/disk I/O due to rep...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/09 7:43 a.m.50 views

injection_exploit

Injection Exploit SQLi 6 engines + SSTI 11 engines — GET/...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

SEMCMS 跨站请求伪造漏洞

SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a cross-site request forgeing vulnerability, which stems from improper handling of POST requests directed to /admin/semcmsuser.php. This vulnerability may lea...

6.3CVSS5.1AI score0.00107EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 1:55 a.m.17 views

EUVD-2023-60581

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS6.7AI score0.00532EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this m...

2.4CVSS5.9AI score0.0059EPSS
Exploits0References1
Rows per page
Query Builder