22 matches found
CVE-2026-56790
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...
CVE-2026-56790
CANBoat (up to version 6.22) contains an off-by-one global buffer overflow in analyzer/pgn.c:searchForPgn() that can crash the application when processing a crafted NMEA-2000 message with an out-of-range PGN sent over CAN bus or N2K-over-IP. The root cause is an out-of-bounds array access. The is...
EUVD-2026-39532
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...
CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)
SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...
EUVD-2025-36219
Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints...
CVE-2025-60983
Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints...
CVE-2025-60983
Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints...
EUVD-2025-28183
Malicious code in bioql PyPI...
Design/Logic Flaw
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...
Nmap Web Dashboard and Reporting: WebMap
Features Import and parse Nmap XML files Statistics and Charts on discovered services, ports, OS, etc… Inspect a single host by clicking on its IP address Attach labels on a host Insert notes for a specific host Create a PDF Report with charts, details, labels and notes Copy to clipboard as Nikto...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system. A SQL injection vulnerability exists in Library Management System version 1.0. A remote attacker can use the 'Search for Books' page to view, add, modify, or delete information in the back-end database...
CVE-2018-18796
Library Management System 1.0 has SQL Injection via the "Search for Books" screen...
CVE-2018-18796
Library Management System 1.0 has SQL Injection via the "Search for Books" screen...
CVE-2018-18796
The CVE-2018-18796 entry corresponds to a SQL Injection vulnerability in Library Management System 1.0, exploitable via the frmListBooks/Search for Books path. Public details show the vulnerability arises from unsafe SQL construction in the frmListBooks flow (e.g., textSearch input), with PoC and...
CVE-2018-18796
Library Management System 1.0 has SQL Injection via the "Search for Books" screen...
LiveZilla 'knowledgebase.php' Cross Site Scripting Vulnerability
LiveZilla is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Project-Pier ProjectPier-Core Cross-Site Scripting Vulnerability
Project-Pier ProjectPier-Core is a free open source project management system. Multiple cross-site scripting vulnerabilities exist in Project-Pier ProjectPier-Core. A remote attacker can inject arbitrary web script or HTML by sending the 'searchfor' parameter to the searchbytag.php file,...
CVE-2017-15869
Cross-site scripting XSS vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...
CVE-2017-15869
Cross-site scripting XSS vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...
LiveZilla knowledgebase.php file cross-site scripting vulnerability
LiveZilla is a free online customer service system from the German company LiveZilla. The system provides real-time monitoring of visitors, offline messages, GeoTracking map tracking, access statistics, online chat and other features. A cross-site scripting vulnerability exists in the...