
27 matches found

NVD
added 2 days ago | 4 views

CVE-2026-32250

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...

CVSS: 4.3 | EPSS: 0.00029
Exploits: 0 | References: 1

CVE
added 2 days ago | 7 views

CVE-2026-32250

CVE-2026-32250 affects NamelessMC (Minecraft server website software). The issue is a Reflected XSS in the id parameter of the endpoint “/index.php?route=/queries/user/”. User input is echoed into the HTML response without proper sanitization/output encoding, enabling an attacker to inject JavaSc...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00029
Exploits: 0 | References: 1

EUVD
added 2 days ago | 4 views

EUVD-2026-33925

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00029
Exploits: 0 | References: 1

OSV
added 2026/05/07 6:30 p.m. | 3 views

GHSA-587P-W43Q-4HJX query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0002
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-43568

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 9.1 | EPSS: 0.00069
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-54289

Malicious code in bioql PyPI...

CVSS: 5.7 | AI score: 6.6 | EPSS: 0.00291
Exploits: 0 | References: 3

CNVD
added 2025/07/23 12:0 a.m. | 2 views

Online Banquet Booking System /admin/view-user-queries.php File SQL Injection Vulnerability

Online Banquet Booking System is an online banquet booking system. Online Banquet Booking System is vulnerable to a SQL injection vulnerability that stems from the viewid parameter in the /admin/view-user-queries.php file not being security filtered. No details of the vulnerability are available ...

CVSS: 8.8 | AI score: 8 | EPSS: 0.00262
Exploits: 1 | References: 1

CNNVD
added 2025/07/21 12:0 a.m. | 1 view

PHPGurukul Online Banquet Booking System Injection Vulnerability

Online Banquet Booking System is an online banquet booking system. Online Banquet Booking System is vulnerable to a SQL injection vulnerability that stems from the viewid parameter in the /admin/view-user-queries.php file not being security filtered. No details of the vulnerability are available ...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.00262
Exploits: 1 | References: 6

CNVD
added 2025/06/27 12:0 a.m. | 1 view

Online DJ Booking Management System Cross-Site Scripting Vulnerability

Online DJ Booking Management System is an online DJ booking management system. Online DJ Booking Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in odms/admin/view-user-queries.php, which can be...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00181
Exploits: 1 | References: 1

OSV
added 2025/06/24 4:15 p.m. | 1 view

CVE-2025-50699

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting XSS in odms/admin/view-user-queries.php...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00181
Exploits: 1 | References: 1

OSV
added 2025/03/21 10:15 p.m. | 1 view

CVE-2025-2608

A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS: 8.8 | AI score: 5.8
Exploits: 0 | References: 5

CNNVD
added 2025/03/21 12:0 a.m. | 2 views

PHPGurukul Banquet Booking System Injection Vulnerability

PHPGurukul Banquet Booking System is a banquet booking system from PHPGurukul. An injection vulnerability exists in version 1.2 of the PHPGurukul Banquet Booking System, which stems from improper manipulation of the viewid parameter in the /admin/view-user-queries.php file, which could lead to an...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.0006
Exploits: 1 | References: 6

NVD
added 2025/03/20 10:15 a.m. | 8 views

CVE-2024-8251

A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" where user-provided JSON is directly taken to the Prisma library's where clause. An attacker can exploit this by providing a special...

CVSS: 5.3 | EPSS: 0.00467
Exploits: 1 | References: 2

CNNVD
added 2025/03/20 12:0 a.m. | 1 view

anything-llm Input Validation Error Vulnerability

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. An input validation error vulnerability exists in versions prior to anything-llm 1.2.2, which stems from the presence of Prisma injection in the API endpoint /embed/:embedId/stream-chat, which allows an...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00467
Exploits: 1 | References: 2

NVD
added 2025/03/11 8:15 a.m. | 7 views

CVE-2024-58102

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions...

CVSS: 6.5 | EPSS: 0.00291
Exploits: 0 | References: 3

Vulnrichment
added 2025/03/11 12:0 a.m. | 9 views

CVE-2024-58102

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions...

CVSS: 5.7 | AI score: 5.6 | EPSS: 0.00291
Exploits: 0 | References: 3

CNNVD
added 2025/03/11 12:0 a.m. | 1 view

Datalust Seq Security Vulnerability

Datalust Seq is a logging server from Datalust Australia. It is used to speed up diagnostics in complex, asynchronous and distributed applications. A security vulnerability exists in Datalust Seq versions prior to 2024.3.13545, which stems from an insecure default parsing depth limit that could...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00291
Exploits: 0 | References: 5

Cvelist
added 2025/03/11 12:0 a.m. | 8 views

CVE-2024-58102

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions...

CVSS: 5.7 | EPSS: 0.00291
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/07 6:19 p.m. | 9 views

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00069
Exploits: 0 | References: 1

CVE
added 2025/02/05 11:30 a.m. | 77 views

CVE-2024-49348

CVE-2024-49348 affects IBM Cloud Pak for Business Automation (versions 18.0.0 through 22.0.2). The issue is described as an incorrect privilege assignment that can restrict access to organizational data to valid contexts, with the root cause being that tasks of type comment can be reassigned via ...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00069
Exploits: 0 | References: 1 | Affected Software: 1