Lucene search
+L

321 matches found

RedhatCVE
RedhatCVE
added 2025/02/14 5:20 a.m.12 views

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries...

9.8CVSS8.2AI score0.00524EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:41 a.m.10 views

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

5.4CVSS7.1AI score0.0026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 1:6 a.m.20 views

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...

10CVSS7.8AI score0.01197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:37 p.m.7 views

CVE-2022-36100

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS6.6AI score0.73608EPSS
Exploits1
CVE
CVE
added 2025/01/23 12:0 a.m.57 views

CVE-2024-57329

HortusFox v3.9 is affected by a stored XSS in the Add Plant function. The name field does not sanitize/escape input, enabling injection and execution of arbitrary JavaScript payloads. Several connected sources confirm the vulnerability as a stored XSS (CVE-2024-57329) and note a temporary workaro...

5.4CVSS6.3AI score0.00252EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/01/15 1:5 p.m.14 views

CVE-2024-57886 mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damontarget objects leaks on damoncommittargets Patch series "mm/damon/core: fix memory leaks and ignored inputs from damoncommitctx". Due to two bugs in damoncommittargets and damoncommitschemes, which are...

0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/13 11:34 p.m.43 views

CVE-2025-23030 Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the cadastrofuncionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

6.4CVSS0.003EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/01/13 11:33 p.m.46 views

CVE-2025-23031 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionaralergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

6.4CVSS0.00278EPSS
Exploits1References2
CVE
CVE
added 2024/12/14 4:23 a.m.40 views

CVE-2024-11759

CVE-2024-11759 (Bukza) is a WordPress plugin vulnerability: the Bukza shortcode in versions up to and including 2.0.0 is affected by a stored cross-site scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes. This allows an authenticated attacker wi...

6.4CVSS5.7AI score0.00276EPSS
Exploits0References2
Veracode
Veracode
added 2024/11/25 9:58 a.m.13 views

SQL Injection

github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...

8.8CVSS7.2AI score0.00748EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2024/11/14 6:34 a.m.13 views

Cross-Site Scripting (XSS)

github.com/mudler/localai is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation and inadequate sanitization of user inputs when passing parameters to the delete model API, allows malicious scripts to be stored and executed in the application...

6.1CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2024/11/02 2:1 p.m.14 views

Node.js: Improper error handling in async cryptographic operations crashes process

The C++ method SignTraits::DeriveBits incorrectly called ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process...

7.5CVSS7.1AI score0.00763EPSS
Exploits0
OSV
OSV
added 2024/10/29 9:30 a.m.17 views

GHSA-762G-9P7F-MRWW Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

5.1CVSS4.8AI score0.00149EPSS
Exploits0References4
CVE
CVE
added 2024/10/29 8:12 a.m.230 views

CVE-2024-46872

Mattermost versions 9.10.x ≤ 9.10.2, 9.11.x ≤ 9.11.1, 9.5.x ≤ 9.5.9 expose a frontend input sanitization flaw used for redirection, enabling a one-click client-side path traversal that leads to CSRF in Playbooks. Root cause: improper sanitization in frontend redirection logic. Impact: CSRF in Pla...

4.6CVSS4.5AI score0.00149EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/29 8:12 a.m.18 views

CVE-2024-46872 Client-Side Path Traversal Leading to CSRF in Playbooks

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

4.6CVSS7.1AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2024/10/29 8:12 a.m.14 views

CVE-2024-46872 Client-Side Path Traversal Leading to CSRF in Playbooks

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

4.6CVSS6AI score0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/21 12:0 a.m.33 views

CVE-2024-48509

Learning with Texts LWT 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...

0.00523EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/16 9:3 p.m.34 views

CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering

RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...

9.3CVSS0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/16 9:3 p.m.15 views

CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering

RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...

9.3CVSS7.5AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 9:3 p.m.18 views

CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering

RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...

9.3CVSS7.7AI score0.00392EPSS
Exploits0References4
Rows per page
Query Builder