14 matches found
Exploit for CVE-2026-38812
text CVE ID CVE-2026-38812 PRODUC...
PT-2026-49298
Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...
CVE-2026-26988
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...
LibreNMS SQL注入漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability. This vulnerabilit...
PT-2026-20903
Name of the Vulnerable Software and Affected Versions LibreNMS versions 25.12.0 and below Description LibreNMS is a network monitoring tool. The application does not properly sanitize user input when processing IPv6 address searches in the ajax table.php endpoint. The address parameter is split...
📄 RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit
This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications specifically RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...
CVE-2020-36919
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser...
CVE-2020-36919
WPForms 1.7.8 is affected by a cross-site scripting (XSS) vulnerability in the slider import search feature and the tab parameter. The issue can be triggered via the ListTable.php endpoint, where an attacker can inject arbitrary JavaScript to run in a victim’s browser. The vulnerable parameter is...
CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...
CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...
PT-2025-40270
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.4.4 Splunk Enterprise versions prior to 9.3.6 Splunk Enterprise versions prior to 9.2.8 Splunk Cloud Platform versions prior to 9.3.2411.109 Splunk Cloud Platform versions prior to 9.3.2408.119 Splunk Clou...
CVE-2025-9735
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...
CVE-2025-9735 O2OA Personal Profile table cross site scripting
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability in the Splunk Web interface of the Splunk Enterprise operational analytics platform is related to the lack of protection for the web page structure during the processing of the final endpoint /app/search/table. Exploiting this vulnerability allows a malicious actor to perform...