Lucene search
K

614 matches found

NVD
NVD
added 2026/04/09 1:16 a.m.5 views

CVE-2026-5827

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...

7.5CVSS0.00336EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 12:45 a.m.6 views

CVE-2026-5827

Technical details about CVE-2026-5827 are not publicly available in the provided connected documents. Monitor for updates; the current materials do not specify affected product versions, vulnerable component names, root cause, impact, or remediation specifics beyond the initial description.

7.5CVSS6.8AI score0.00336EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:45 a.m.1 views

CVE-2026-5827

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...

7.5CVSS6.8AI score0.00336EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/09 12:45 a.m.37 views

CVE-2026-5827 code-projects Simple IT Discussion Forum question-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...

7.5CVSS0.00336EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 12:45 a.m.3 views

CVE-2026-5827 code-projects Simple IT Discussion Forum question-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...

7.5CVSS5.7AI score0.00336EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.3 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.9AI score0.00227EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31559

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection issue exists in Simple IT Discussion Forum version 1.0. The vulnerability is located in the /question-function.php file, within an unknown function. Manipulation of the content...

7.5CVSS7AI score0.00336EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “content” in the file...

7.5CVSS7.2AI score0.00336EPSS
Exploits0References5
NVD
NVD
added 2026/04/07 7:16 p.m.6 views

CVE-2026-39354

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

6.5CVSS0.00211EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:54 p.m.4 views

CVE-2026-39354

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

6.5CVSS5.9AI score0.00211EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 6:54 p.m.15 views

CVE-2026-39354 Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

6.5CVSS0.00211EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:54 p.m.3 views

CVE-2026-39354 Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

6.5CVSS5.9AI score0.00211EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 6:54 p.m.8 views

CVE-2026-39354

CVE-2026-39354 affects Scoold prior to version 1.66.2, where an authenticated low-privilege user can overwrite another user’s question by supplying the victim question’s public ID as postId to POST /questions/ask. This enables direct integrity loss in an existing discussion thread. Root cause is ...

6.5CVSS5.9AI score0.00211EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/07 6:54 p.m.4 views

EUVD-2026-19863

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

6.5CVSS5.9AI score0.00211EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30976

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

6.5CVSS5.9AI score0.00211EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.3 views

Stealthy and Adjustable Text-Guided Backdoor Attacks on Multimodal Pretrained Models

Multimodal pretrained models are vulnerable to backdoor attacks, yet most existing methods rely on visual or multimodal triggers, which are impractical since visually embedded triggers rarely occur in real-world data. To overcome this limitation, we propose a novel Text-Guided Backdoor TGB attack...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/31 12:31 p.m.3 views

EUVD-2026-17409

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

4.8CVSS5.8AI score0.00471EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 12:6 p.m.14 views

CVE-2026-27854

CVE-2026-27854 affects dnsdist. The vulnerability arises when crafted DNS queries invoke DNSQuestion:getEDNSOptions in custom Lua code, which can reference a modified DNS packet and trigger a use-after-free, potentially causing a crash and denial of service. Connected advisories across Debian/SUS...

7.5CVSS5.8AI score0.00471EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 12:6 p.m.25 views

CVE-2026-27854 Use after free when parsing EDNS options in Lua

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

4.8CVSS0.00471EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 3:32 p.m.2 views

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References2
Rows per page
Query Builder