Lucene search
K

23 matches found

EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43255

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References6
NVD
NVD
added 3 days ago9 views

CVE-2026-15514

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS0.00427EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 8:30 p.m.13 views

CVE-2026-52810

CVE-2026-52810 affects Gogs (Git self-hosted) where the authorization policy is derived from the client-supplied service parameter (e.g., service=git-upload-pack) instead of the actual RPC path. Consequently, requests to the write endpoint /repo.git/git-receive-pack can be treated as read, while ...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:30 p.m.3 views

CVE-2026-52810 Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References6
NVD
NVD
added 2026/04/09 4:16 p.m.10 views

CVE-2026-33005

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...

4.3CVSS0.00418EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.4 views

CVE-2025-57213

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...

6.1AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-7096

Malware in sbrugna...

5CVSS6.4AI score0.01717EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-18045

Malware in sbrugna...

7.5CVSS8AI score0.01848EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-34863

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01369EPSS
Exploits0References4
NVD
NVD
added 2025/07/29 7:15 p.m.7 views

CVE-2024-51473

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...

7.5CVSS0.00291EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.5 views

PT-2025-17878 · WordPress · Shoplentor

Name of the Vulnerable Software and Affected Versions: The ShopLentor plugin for WordPress versions up to, and including, 3.1.2 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application, potentially querying and...

6.5CVSS7.1AI score0.00237EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/06/04 2:31 p.m.7 views

389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...

7.5CVSS5.7AI score0.01256EPSS
Exploits0References4
OSV
OSV
added 2021/02/23 7:15 p.m.7 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.5CVSS7.2AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/02/28 8:6 p.m.5 views

rubygems: DNS hijacking vulnerability

A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a rubygems.tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain...

8.1CVSS7.3AI score0.0475EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2014/11/05 12:0 a.m.8 views

Windows Services Stop

If the Windows services got started manually by a VT then stop those services at the end of a scan. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.3AI score
Exploits0
Nmap
Nmap
added 2010/01/21 1:53 a.m.404 views

dns-service-discovery NSE Script

Attempts to discover target hosts' services using the DNS Service Discovery protocol. The script first sends a query for services.dns-sd.udp.local to get a list of services. It then sends a followup query for each one to try to get more information. Script Arguments max-newtargets, newtargets See...

10CVSS0.1AI score0.99448EPSS
Exploits33
OSV
OSV
added 2008/12/09 12:30 a.m.6 views

CVE-2008-5277

PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service daemon crash via a CH HINFO query...

6.6AI score
Exploits0References8
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.34 views

CVE-2004-0096

Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...

6.2AI score0.03515EPSS
Exploits0References4
NVD
NVD
added 2004/03/03 5:0 a.m.22 views

CVE-2004-0096

Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...

5CVSS6.2AI score0.03515EPSS
Exploits0References4
Rows per page
Query Builder