Lucene search

195 matches found

EUVD
added 2026/05/27 6:30 p.m., 17 views

EUVD-2026-32627

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

CVSS 8.7, AI score 5.9, EPSS 0.0031
Exploits: 0, References: 3

CVE
added 2026/05/27 6:30 p.m., 20 views

CVE-2026-42197

CVE-2026-42197 affects RELATE, a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 are vulnerable to a stored XSS via an unprivileged user profile. The vulnerability arises in the get_user() method of ParticipationAdmin, which renders user-controlled ...

CVSS 8.7, AI score 5.9, EPSS 0.0031
Exploits: 0, References: 3

Positive Technologies
added 2026/05/27 12:00 a.m., 14 views

PT-2026-44073

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

CVSS 8.7, AI score 5.9, EPSS 0.0031
Exploits: 0, References: 4

Cvelist
added 2026/05/11 12:48 p.m., 38 views

CVE-2026-4802 Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command...

CVSS 8, EPSS 0.01016
Exploits: 0, References: 13

NVD
added 2026/05/11 6:16 a.m., 17 views

CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

CVSS 7.3, EPSS 0.00753
Exploits: 2, References: 1

Github Security Blog
added 2026/03/25 9:56 p.m., 9 views

AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter

Summary: The Subscribe::save method in objects/subscribe.php concatenates the $this->users_id property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from $_POST['user_id'] in both subscribe.json.php and subscribeNotify.json.php. An authenticate...

CVSS 7.1, AI score 6.1, EPSS 0.00224
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/03/25 9:56 p.m., 5 views

GHSA-FFR8-FXHV-FV8H AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter

Summary: The Subscribe::save method in objects/subscribe.php concatenates the $this->users_id property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from $_POST['user_id'] in both subscribe.json.php and subscribeNotify.json.php. An authenticate...

CVSS 7.1, AI score 6.1, EPSS 0.00224
Exploits: 1, References: 4

Vulnrichment
added 2026/03/23 6:50 p.m., 3 views

CVE-2026-33723 AVideo Vulnerable to SQL Injection in Subscribe Endpoint via Unsanitized user_id Parameter in subscribe.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Subscribe::save method in objects/subscribe.php concatenates the $this->users_id property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from...

CVSS 7.1, AI score 6, EPSS 0.00224
Exploits: 1, References: 2

CVE
added 2026/03/23 6:50 p.m., 19 views

CVE-2026-33723

WWBN AVideo vulnerable to SQL Injection in Subscribe endpoint (Subscribe::save). In versions up to 26.0, Subscribe::save() builds an INSERT query by directly concatenating $this->users_id (derived from $_POST['user_id'] in subscribe.json.php and subscribeNotify.json.php) without sanitization o...

CVSS 7.1, AI score 6, EPSS 0.00224
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/03/17 12:00 a.m., 8 views

PT-2026-25920

🔴 CVE-2026-32298 - Critical The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands. https://t.co/UihqyuvV7q https://t.co/RxueFEGJK6...

CVSS 9.1, AI score 5.9, EPSS 0.00647
Exploits: 0, References: 11

EUVD
added 2026/02/03 12:00 a.m., 5 views

EUVD-2025-206715

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

AI score 5.7, EPSS 0.00416
Exploits: 0, References: 1

Debian
added 2026/01/22 7:19 a.m., 8 views

[SECURITY] [DSA 6106-1] inetutils security update

Debian Security Advisory DSA-6106-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 22, 2026 https://www.debian.org/security/faq -...

CVSS 9.8, AI score 5.5, EPSS 0.98871
Exploits: 60

CNNVD
added 2026/01/16 12:00 a.m., 12 views

WeGIA Cross-Site Script Vulnerabilities

WeGIA is a web manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the user-controlled data was not cleared before rendering the...

CVSS 5.4, AI score 5.7, EPSS 0.00213
Exploits: 1, References: 4

RedhatCVE
added 2026/01/09 10:12 a.m., 11 views

CVE-2019-11535

Unsanitized user input in the web interface for Linksys WiFi extender products RE6400 and RE6300 through 1.2.04.022 allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI...

CVSS 10, AI score 7.6, EPSS 0.05053
Exploits: 0, References: 1

Cvelist
added 2025/11/11 6:00 a.m., 12 views

CVE-2025-11307 WP Google Maps < 9.0.48 - Unauthenticated Stored XSS

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...

EPSS 0.01939
Exploits: 0, References: 1

Veracode
added 2025/10/30 10:42 a.m., 6 views

Improper Input Sanitization

github.com/mattermost/mattermost-server is vulnerable to improper input sanitization. The vulnerability is due to insufficient sanitization of user data during shared channel membership synchronization, which allows an attacker from a malicious or compromised remote cluster to access sensitive us...

CVSS 6.5, AI score 6.8, EPSS 0.00242
Exploits: 0, References: 4, Affected Software: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-0333

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.0276
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0299

Malware in sbrugna...

CVSS 10, AI score 9.2, EPSS 0.0281
Exploits: 1, References: 7

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-4094

Malware in sbrugna...

CVSS 7.5, AI score 8.1, EPSS 0.04612
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2018-1955

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.02316
Exploits: 0, References: 4