14 matches found
CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...
EUVD-2026-29368
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
CVE-2026-34258
SAPUI5 (Search UI) is affected by CVE-2026-34258. An unauthenticated attacker can manipulate specific URL parameters in the Search UI to deliver attacker-controlled content, potentially misleading users into clicking on pages rendered by the application. Impact is confined to confidentiality (low...
CVE-2025-41343
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
CVE-2025-41343 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
CVE-2012-6273
SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request...
CVE-2024-45717
The SolarWinds Platform was susceptible to an XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction...
PYSEC-2024-310
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...
CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...
CVE-2024-8137
A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file searchuser.php. The manipulation of the argument search leads to cross site scripting. The attack can be initiated remotely. The exploit...
PT-2024-38826 · Unknown · Sourcecodester Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A vulnerability has been found in the SourceCodester Record Management System, classified as problematic. This issue affects unknown code of the file searchuser.php. The...
SourceCodester Record Management System security vulnerability
SourceCodester Record Management System is an open source record management system from SourceCodester. A security vulnerability exists in SourceCodester Record Management System version 1.0, which originates from the parameter search in the file searchuser.php that can lead to cross-site scripti...
PT-2023-9648 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a component of Oracle Trading Community, specifically the Party Search UI, and is associated with weaknesses in the authorization procedure. This...
PT-2006-5971 · 4Images · 4Images
Name of the Vulnerable Software and Affected Versions: 4images versions 1.7.x Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the search user parameter in the "search.php" file. Recommendations: For 4images versions 1.7.x, avoid using the search user...