Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11308

Malware in sbrugna...

7.2CVSS6.9AI score0.01467EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.5 views

CVE-2021-24394

An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

7.2CVSS7.2AI score0.01547EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.16 views

CVE-2021-24772

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...

8.8CVSS7.5AI score0.01504EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:23 p.m.3 views

CVE-2020-15500

An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...

6.1CVSS6.8AI score0.12224EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/02/05 3:43 a.m.7 views

CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

8.8CVSS8.8AI score0.00665EPSS
Exploits1References1
Node.js
Node.js
added 2019/07/17 7:41 p.m.24 views

Local File Inclusion

Overview All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows...

6.8AI score
Exploits0Affected Software1
NVD
NVD
added 2018/06/11 10:29 a.m.11 views

CVE-2018-12090

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

6.1CVSS6.2AI score0.02244EPSS
Exploits3References2
CVE
CVE
added 2018/06/11 10:0 a.m.53 views

CVE-2018-12090

LAMS prior to 3.1 is affected by an unauthenticated reflected XSS that allows injection of arbitrary JavaScript via an unsanitized GET parameter in forgotPasswordChange.jsp?key=. This is triggered through remote access without authentication; impact is confined to script execution in the victim’s...

6.1CVSS6.2AI score0.02244EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder