CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/09 12:14 p.m.•7 views

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

7.5CVSS7AI score0.00425EPSS

RedhatCVE•added 2026/01/09 12:12 p.m.•3 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

7.5CVSS7AI score0.00374EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-21444

Malware in sbrugna...

7.5CVSS7.6AI score0.00425EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-21445

Malware in sbrugna...

7.5CVSS7.6AI score0.00374EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-21442

Malware in sbrugna...

9.8CVSS9.5AI score0.00944EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-21446

Malware in sbrugna...

9.8CVSS9.2AI score0.00437EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-21441

Malware in sbrugna...

9.8CVSS9.5AI score0.00944EPSS

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•3 views

Malicious code in @zalastax/nolb-qy (npm)

The package @zalastax/nolb-qy was found to contain malicious code...

7AI score

OSV•added 2025/08/14 6:52 p.m.•1 views

MAL-2025-13528 Malicious code in @zalastax/nolb-qy (npm)

The package @zalastax/nolb-qy was found to contain malicious code...

7.2AI score

RedhatCVE•added 2025/05/22 1:12 p.m.•5 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.8CVSS6.9AI score0.00437EPSS

Openbugbounty•added 2023/03/16 8:31 p.m.•6 views

qy-tattoo.com Cross Site Scripting vulnerability OBB-3224495

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

OSV•added 2018/04/08 2:29 a.m.•1 views

CVE-2018-9851

7.5CVSS5.7AI score

Exploits0References1

NVD•added 2018/04/08 2:29 a.m.•8 views

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

7.5CVSS7.5AI score0.00425EPSS

Prion•added 2018/04/08 2:29 a.m.•7 views

Design/Logic Flaw

5CVSS7.4AI score0.00374EPSS

Exploits1References1Affected Software1

OSV•added 2018/04/08 2:29 a.m.•1 views

CVE-2018-9852

9.8CVSS5.8AI score0.00437EPSS

NVD•added 2018/04/08 2:29 a.m.•9 views

CVE-2018-9851

7.5CVSS7.4AI score0.00374EPSS

NVD•added 2018/04/08 2:29 a.m.•12 views

CVE-2018-9852

9.8CVSS9.3AI score0.00437EPSS

OSV•added 2018/04/08 2:29 a.m.•1 views

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

7.5CVSS5.8AI score0.00425EPSS

Cvelist•added 2018/04/08 2:0 a.m.•11 views

CVE-2018-9852

9.3AI score0.00437EPSS