Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0636

Malware in sbrugna...

8.8CVSS8.6AI score0.01914EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24512

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.01836EPSS
Exploits1References2
OSV
OSV
added 2025/09/10 5:13 p.m.3 views

GHSA-W765-JM6W-4HHJ Webrecorder packages are vulnerable to XSS through 404 error handling logic

A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly embedded into an inline block without sanitization or escaping. This allows an attacker to craft ...

7.1CVSS5.9AI score0.00237EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.10 views

CVE-2024-55663

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

9.8CVSS6.7AI score0.00717EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:6 a.m.10 views

CVE-2023-5969

Mattermost fails to properly sanitize the request to /api/v4/redirectlocation allowing an attacker, sending a specially crafted request to /api/v4/redirectlocation, to fill up the memory due to caching large items...

5.3CVSS6.7AI score0.00531EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:50 p.m.8 views

CVE-2020-15143

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...

8.8CVSS7.1AI score0.01914EPSS
Exploits1
OSV
OSV
added 2024/12/12 7:22 p.m.15 views

GHSA-WH34-M772-5398 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

Impact In getdocument.vm ; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashe...

8.6CVSS9.2AI score0.01045EPSS
Exploits2References5
NVD
NVD
added 2024/12/12 7:15 p.m.37 views

CVE-2024-55663

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

9.8CVSS0.00717EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/12 6:53 p.m.15 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

8.6CVSS6.4AI score0.00717EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/11/06 6:30 p.m.30 views

Mattermost vulnerable to excessive memory consumption

Mattermost fails to properly sanitize the request to /api/v4/redirectlocation allowing an attacker, sending a specially crafted request to /api/v4/redirectlocation, to fill up the memory due to caching large items...

5.3CVSS7.1AI score0.00531EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2023/10/31 2:25 p.m.13 views

CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the log...

5.4CVSS5.7AI score0.00311EPSS
Exploits0References2
Snyk
Snyk
added 2022/11/28 9:59 a.m.3 views

Directory Traversal

Overview serve-lite is an a lightweight http-server for static file-based web development Affected versions of this package are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join. PoC 1 Install the...

7.5CVSS7.6AI score0.01342EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2022/07/21 10:48 a.m.38 views

CVE-2022-31150

A flaw was found in the undici package. When requesting an input on an unsanitized request path, method, or headers it is possible to inject Carriage Return/Line Feed CRLF sequences into these requests...

6.5CVSS3.6AI score0.01158EPSS
Exploits1References3
OSV
OSV
added 2022/06/13 1:15 p.m.6 views

CVE-2022-1756

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS5.8AI score0.01785EPSS
Exploits2References1
OSV
OSV
added 2021/11/29 2:15 p.m.4 views

CVE-2021-43695

issabelPBX version 2.11 is affected by a Cross Site Scripting XSS vulnerability. In file page.backuprestore.php, the exit function will terminate the script and print the message to the user. The message will contain $REQUEST without sanitization, then there is a XSS vulnerability...

6.1CVSS6.4AI score0.00555EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

TaskFreak! <= 0.6.1 - Remote SQL Injection Vulnerability

No description provided by source. | | |--.-----.| .-----.' |.---.-.----.-----.--| | | | | | -|| -- | -| || | | -| | || |||||/||| |.|||| TheDefaced.org TheDefaced Security Team Presents An 0-day. TaskFreak! SQL Injection Product: TaskFreak!/Discovered in ==0.6.1 Vuln: Remote SQL Injection...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/05/13 12:0 a.m.10 views

Microsoft SharePoint Cross-site Scripting (MS14-022; CVE-2014-1754)

An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...

6.1AI score0.11073EPSS
Exploits0
Exploit DB
Exploit DB
added 2011/10/20 12:0 a.m.18 views

Simple Free PHP Forum Script - SQL Injection

Exploit Title: Simple Free PHP Forum Script 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1 wget "http://127.0.0.1/forum/index.php?show=cat&id=1' AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1" -------------- Vurnerable Code -------------- Line 150 of...

7AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.33 views

CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

9.6CVSS9.3AI score0.02149EPSS
Exploits1Affected Software1
Rows per page
Query Builder