28 matches found

NVD
added 2026/05/12 11:16 p.m., 20 views

CVE-2026-41901

Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous...

CVSS: 9, EPSS: 0.00427
Exploits: 0, References: 1

EUVD
added 2026/04/24 12:31 a.m., 6 views

EUVD-2026-25341

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

CVSS: 3.3, AI score: 5.8, EPSS: 0.00152
Exploits: 0, References: 4

Snyk
added 2026/04/08 12:4 a.m., 9 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection through the Runner.exec process. An attacker can execute arbitrary OS commands on the server by uploading or renaming a file with a crafted filename containing shell metacharacters, which are unsafely...

CVSS: 7.5, AI score: 6, EPSS: 0.01922
Exploits: 2, References: 3

Cvelist
added 2026/03/25 10:35 p.m., 23 views

CVE-2026-33909 OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

CVSS: 5.9, EPSS: 0.0033
Exploits: 0, References: 3

Cvelist
added 2026/03/17 5:21 p.m., 28 views

CVE-2026-32298 Angeet ES3 KVM OS command injection

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands...

CVSS: 9.1, EPSS: 0.00647
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-4088

Malware in sbrugna...

CVSS: 7.5, AI score: 6.4, EPSS: 0.017
Exploits: 0, References: 9

SUSE CVE
added 2023/02/15 4:42 a.m., 4 views

SUSE CVE-2017-12061

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0295
Exploits: 0, References: 3

RedHat Linux
added 2022/09/08 11:31 a.m., 4 views

nodejs-underscore: Arbitrary code execution via the template function

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS: 7.2, AI score: 7.5, EPSS: 0.04087
Exploits: 2, References: 4

0day.today
added 2021/02/26 12:0 a.m., 99 views

Nagios XI 5.7.5 Remote Code Execution Exploit

nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...

CVSS: 9, EPSS: 0.96861
Exploits: 10

Cvelist
added 2019/02/15 9:0 p.m., 30 views

CVE-2015-4615

Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables...

AI score: 9.9, EPSS: 0.02212
Exploits: 3, References: 2

CVE
added 2019/02/15 9:0 p.m., 51 views

CVE-2015-4615

CVE-2015-4615 affects the Easy2Map-Photos WordPress Plugin (v1.0.9). The vulnerability is an SQL Injection via unsanitized inputs including mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, and mapID, caused by non-parameterized SQL queries in Functions.php....

CVSS: 9.8, AI score: 9.7, EPSS: 0.02212
Exploits: 3, References: 2, Affected Software: 1

FreeBSD
added 2018/10/17 12:0 a.m., 501 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team reports: The path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url. The issue is mitigated by the fact that the user needs the...

AI score: 2.8
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 13 views

phpBB Static Topics <= 1.0 [phpbb_root_path] File Include Vulnerability

No description provided by source. phpBB Static Topics = 1.0 phpbbrootpath Remote File Include Vulnerability. Discovered By Kw3RLn Romanian Securi...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Simple Free PHP Forum Script <= SQL Injection Vulnerability

No description provided by source. Exploit Title: Simple Free PHP Forum Script = 1 SQL Injection Vulnerability Date: 2011-10-19 Author: Skraps, Jackie Craig Sparksjackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://www.phpforumscript.com/?pageid=11 Versio...

AI score: 7.1
Exploits: 0

OSV
added 2014/02/05 12:0 a.m., 26 views

DSA-2853-1 horde3 - Remote code execution

Bulletin has no description...

CVSS: 7.5, AI score: 6.1, EPSS: 0.42895
Exploits: 7

exploitpack
added 2012/12/03 12:0 a.m., 15 views

MyBB KingChat Plugin - SQL Injection

MyBB KingChat Plugin - SQL Injection Exploit Title: KingChat MyBB plugin SQL Injection 0day Google Dork: inurl:"kingchat.php" Date: 13.10.2012 Exploit Author: RedHat NullSec Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows & Linux. Vulnerable code : query"SELECT FROM...

AI score: 0.3
Exploits: 0

exploitpack
added 2011/10/20 12:0 a.m., 15 views

Simple Free PHP Forum Script - SQL Injection

Simple Free PHP Forum Script - SQL Injection Exploit Title: Simple Free PHP Forum Script 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1 wget "http://127.0.0.1/forum/index.php?show=cat&id=1' AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1" --------------...

AI score: 0.5
Exploits: 0

Packet Storm
added 2011/10/19 12:0 a.m., 20 views

Simple Free PHP Forum Script 1 SQL Injection

Exploit Title: Simple Free PHP Forum Script 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1 wget "http://127.0.0.1/forum/index.php?show=cat&id=1' AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1" -------------- Vurnerable Code -------------- Line 150 of...

AI score: 0.5
Exploits: 0

Exploit DB
added 2006/11/21 12:0 a.m., 37 views

Pearl Forums 2.4 - Multiple Remote File Inclusions

Script: Pearl Forums...

AI score: 7
Exploits: 0

Exploit DB
added 2006/10/14 12:0 a.m., 28 views

CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion

CentiPaid = 1.4.2 absolutepath Remote File Include Vulnerability. Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net : Remote : Yes...

AI score: 7.4
Exploits: 0