Lucene search
K

7803 matches found

CVE
CVE
added 2026/06/19 4:41 p.m.10 views

CVE-2017-20277

The CVE-2017-20277 entry concerns Joomla JoomRecipe 1.0.4. The connected Attackerkb entry confirms a bona fide vulnerability: a blind SQL injection in the search_author parameter on the search results page. Exploitation is described as sending POST requests to the search endpoint to perform boole...

8.8CVSS6AI score0.00253EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 4:41 p.m.27 views

CVE-2017-20277 Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:41 p.m.8 views

EUVD-2017-19004

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score0.00253EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in etcd

A cross-site request forgery flaw was discovered in etcd 3.3.1 and earlier. An attacker can create a website that attempts to send a POST request to the etcd server and modify a key. Adding a key is done using a PUT operation, so it seems theoretically safe but PUT operations cannot be performed...

8.8CVSS7.2AI score0.01266EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 5:48 a.m.6 views

CVE-2026-55740

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

9.8CVSS5.8AI score0.00366EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 10:23 p.m.7 views

Malicious code in uol-simple-api-futebol (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36777

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36784

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

5.3AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-50882

An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00324EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:9 p.m.7 views

Malicious code in vaults-monitor-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...

5.3AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 10:0 a.m.75 views

Exploit for CVE-2026-37071

CVE-2026-37071 Arbitrary File Rename Leading to Privilege Esca...

5.4AI score
Exploits0
CVE
CVE
added 2026/06/15 12:0 a.m.19 views

CVE-2026-50879

The vulnerability CVE-2026-50879 affects Andrei Marcu linx-server v2.3.8, specifically the uploadPostHandler component. A crafted POST request can trigger a Denial of Service (DoS). The connected sources confirm the issue but do not provide exploit details or a remediation patch/version. There is...

7.5CVSS5.4AI score0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49323

Name of the Vulnerable Software and Affected Versions anna-is-cute paste version 0.1.1 Description A flaw in the '/api/v0/pastes' endpoint allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a specially...

7.5CVSS5.9AI score0.00324EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.33 views

CVE-2026-50879

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.27 views

CVE-2026-50882

An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49320

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00324EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 4:47 p.m.8 views

CVE-2026-53442

A flaw was found in Jenkins. Secrets submitted via POST config.xml are stored unencrypted in job configuration files on the Jenkins controller. This allows users with 'Item/Extended Read' permission, or those with direct access to the Jenkins controller file system, to view sensitive information...

5.5CVSS5.5AI score0.0019EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:37 a.m.10 views

Malicious code in testzapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f package.json declares a preinstall hook node index.js that fires automatically on npm install. index.js spawns a shell that runs curl -X POST against...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48442

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...

8.8CVSS5.5AI score0.00304EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the POST /waf///rule//save endpoint accepting the configfilename...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder