
807 matches found

CNNVD, added 2026/03/10 12:00 a.m., 10 views

Sylius input validation error vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a vulnerability related to input validation. This vulnerability arises from multiple controllers directly using the HTTP Referer header for redirection, which can lead t...

CVSS 6.9 | AI score 5.8 | EPSS 0.00172
Exploits 0 | References 1
Positive Technologies, added 2026/03/10 12:00 a.m., 4 views

PT-2026-24473

Name of the Vulnerable Software and Affected Versions: Sylius versions prior to 1.9.12; Sylius versions prior to 1.10.16; Sylius versions prior to 1.11.17; Sylius versions prior to 1.12.23; Sylius versions prior to 1.13.15; Sylius versions prior to 1.14.18; Sylius versions prior to 2.0.16; Sylius version...

CVSS 6.9 | AI score 5.7 | EPSS 0.00172
Exploits 0 | References 7
Positive Technologies, added 2026/03/06 12:00 a.m., 12 views

PT-2026-41143

Name of the Vulnerable Software and Affected Versions: Portainer Community Edition versions 2.33.0 through 2.33.7; Portainer Community Edition versions 2.39.0 through 2.39.1; Portainer Community Edition versions prior to 2.41.0. Description: The authentication middleware accepts JSON Web Tokens JWT...

CVSS 7.7 | AI score 5.8 | EPSS 0.00316
Exploits 1 | References 14
Github Security Blog, added 2026/02/24 6:31 p.m., 7 views

FUXA has JWT Authentication Bypass via HTTP Referer header spoofing

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

CVSS 9.8 | AI score 6.3 | EPSS 0.05633
Exploits 7 | References 4 | Affected Software 1
Snyk, added 2026/02/24 6:31 p.m., 1 view

Authentication Bypass Using an Alternate Path or Channel

Overview: fuxa-server is a web-based process visualization SCADA/HMI/dashboard software. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via improper validation of the Referer header in the authentication process. An unauthorized attacker...

CVSS 9.8 | AI score 6.3 | EPSS 0.05633
Exploits 7 | References 2
OSV, added 2026/02/24 6:31 p.m., 8 views

GHSA-4R4R-4JP4-WWF9 FUXA has JWT Authentication Bypass via HTTP Referer header spoofing

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

CVSS 9.8 | AI score 6.5 | EPSS 0.05633
Exploits 7 | References 4
OSV, added 2026/02/24 4:24 p.m., 2 views

CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

CVSS 9.8 | AI score 6.4
Exploits 0 | References 2
Cvelist, added 2026/02/24 12:00 a.m., 19 views

CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

EPSS 0.05633
Exploits 7 | References 2
CNNVD, added 2026/02/24 12:00 a.m., 8 views

FUXA security vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass mechanism. The server/api/jwt-helper.js middleware improperly trusted the HTTP Referer...

CVSS 9.8 | AI score 6.1 | EPSS 0.05633
Exploits 7 | References 3
Positive Technologies, added 2026/02/24 12:00 a.m., 8 views

PT-2026-21744

Name of the Vulnerable Software and Affected Versions: FUXA versions 1.2.8 and prior. Description: FUXA versions 1.2.8 and prior contain an Authentication Bypass issue that can lead to Remote Code Execution (RCE). The issue resides in the server/api/jwt-helper.js middleware, which incorrectly relies o...

CVSS 9.8 | AI score 6.4 | EPSS 0.05633
Exploits 7 | References 12
CVE, added 2026/02/24 12:00 a.m., 29 views

CVE-2025-69985

CVE-2025-69985 affects FUXA 1.2.8 and earlier. The issue is an authentication bypass in server/api/jwt-helper.js that improperly trusts the HTTP Referer header, allowing unauthenticated remote access to the protected /api/runscript endpoint and arbitrary Node.js code execution. Public references ...

CVSS 9.8 | AI score 6.3 | EPSS 0.05633
In wild | Exploits 7 | References 2 | Affected Software 1
RedhatCVE, added 2026/02/23 7:25 p.m., 9 views

CVE-2019-25439

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | AI score 6.2 | EPSS 0.0026
Exploits 0 | References 1
NVD, added 2026/02/22 2:16 p.m., 5 views

CVE-2019-25439

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | EPSS 0.0026
Exploits 0 | References 2
Cvelist, added 2026/02/22 1:34 p.m., 26 views

CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | EPSS 0.0026
Exploits 0 | References 2
Vulnrichment, added 2026/02/22 1:34 p.m., 4 views

CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | AI score 6.2 | EPSS 0.0026
Exploits 0 | References 2
CVE, added 2026/02/22 1:34 p.m., 9 views

CVE-2019-25439

Vulnerability summary (CVE-2019-25439): NoviSmart CMS contains an SQL injection vulnerability exploitable via the Referer HTTP header. An attacker can craft requests including time-based SQL payloads in the Referer header to execute arbitrary SQL queries, potentially extracting sensitive databas...

CVSS 8.8 | AI score 6.4 | EPSS 0.0026
Exploits 0 | References 2
ATTACKERKB, added 2026/02/22 1:34 p.m., 5 views

CVE-2019-25439

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | AI score 6.4 | EPSS 0.0026
Exploits 0 | References 2
Positive Technologies, added 2026/02/22 12:00 a.m., 6 views

PT-2026-21440

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | AI score 6.4 | EPSS 0.0026
Exploits 0 | References 3
CNNVD, added 2026/02/22 12:00 a.m., 7 views

NoviSmart CMS SQL injection vulnerability

NoviSmart CMS is a content management system developed by the Austrian company NoviSmart. NoviSmart CMS has a SQL injection vulnerability in its handling of the Referer HTTP header field. This vulnerability could allow remote attackers to execute arbitrary SQL queries...

CVSS 8.8 | AI score 6.1 | EPSS 0.0026
Exploits 0 | References 3
ATTACKERKB, added 2026/02/21 3:50 a.m., 5 views

CVE-2026-27192

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...

CVSS 7.6 | AI score 5.7 | EPSS 0.0024
Exploits 0 | References 4 | Affected Software 1