Lucene search
K

24 matches found

Cvelist
Cvelist
added yesterday4 views

CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/05/28 12:0 a.m.13 views

mail/mailpit -- memory-exhaustion DoS via unbounded JSON body

Mailpit author reports: Sibling-endpoint memory-exhaustion DoS via unbounded JSON body on /api/v1/messages, /api/v1/tags, and /api/v1/message/id/release...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.40 views

CVE-2026-46365 phpMyFAQ - Missing Authorization in Tag Deletion Endpoint

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

5.4CVSS0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of authorization for the DELETE /admin/api/content/tags/tagId endpoint. As a result, any...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

8.8CVSS5.9AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

8.8CVSS0.00329EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:12 a.m.2 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 10:12 a.m.36 views

CVE-2026-3023 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

5.3CVSS0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 10:12 a.m.3 views

CVE-2026-3023 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 10:12 a.m.12 views

CVE-2026-3023

CVE-2026-3023 affects the Wakyma web application, specifically the endpoint VetS.wakyma.com/pets/print-tags. The issue is a NoSQL injection (NoSQLi) in a POST request that authenticated users can abuse to inject NoSQL commands, enabling listing of pets and owner names. Multiple connected entries ...

8.8CVSS5.9AI score0.00329EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Wakyma 安全漏洞

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/pets/print-tags. This vulnerability could allow authenticated users to list pets and...

8.8CVSS5.8AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.3 views

PT-2026-25672

Name of the Vulnerable Software and Affected Versions Wakyma affected versions not specified Description A non-relational SQL injection NoSQLi issue exists in the Wakyma web application. An authenticated user can modify a POST request sent to the ''vets.wakyma.com/pets/print-tags'' endpoint to...

8.8CVSS5.8AI score0.00329EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26573

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00289EPSS
Exploits0References1
Veracode
Veracode
added 2025/10/03 3:40 a.m.6 views

Cross Site Scripting (XSS)

mautic/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsanitized user-supplied input in the “Tags” field of the /s/ajax?action=lead:addLeadTags endpoint being reflected in the server response, which allows an attacker to execute arbitrary JavaScript in the victim’s...

4.8CVSS6.7AI score0.00289EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

Conventional Changelog 参数注入漏洞

Conventional Changelog is an open source update log generation tool from Conventional Changelog. A parameter injection vulnerability exists in Conventional Changelog versions prior to 2.0.0 that stems from not cleaning or validating user input in the getTags API, which could lead to a parameter...

5.3CVSS6.9AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/05 3:22 p.m.6 views

CVE-2025-9823

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS5.5AI score0.00289EPSS
Exploits0References1
OSV
OSV
added 2025/09/03 10:18 p.m.4 views

GHSA-9V8P-M85M-F7MM Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS5.9AI score0.00289EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/03 10:18 p.m.9 views

Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/03 3:15 p.m.4 views

CVE-2025-9823

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 2:33 p.m.3 views

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS5.1AI score0.00289EPSS
Exploits0References1
Rows per page
Query Builder