Lucene search
K

432 matches found

CNNVD
CNNVD
added 2026/01/01 12:0 a.m.6 views

Apache StreamPipes 安全漏洞

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. A security vulnerability exists in Apache StreamPipes version 0.97.0 and earlier, which stems from a flaw in the user ID...

8.1CVSS6.5AI score0.14786EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.11 views

PT-2025-53854

Name of the Vulnerable Software and Affected Versions Apache StreamPipes versions 0.69.0 through 0.97.0 Description A flaw exists in Apache StreamPipes that allows a user with a non-administrator account to manipulate the user ID creation mechanism. This manipulation enables the swapping of a...

8.1CVSS6.7AI score0.14786EPSS
Exploits0References17
CNVD
CNVD
added 2025/12/18 12:0 a.m.5 views

Student File Management System user_id Parameter SQL Injection Vulnerability

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...

9.8CVSS7.7AI score0.00363EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/16 3:30 p.m.4 views

EUVD-2025-203654

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

6AI score0.00155EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.6 views

WeKan 安全漏洞

WeKan is a Kanban application from the WeKan open source. A security vulnerability exists in WeKan version 18.15 and earlier, which stems from the Attachment Upload API treating the Authorization bearer value as a userId, which could lead to application-level denial of service and identity spoofi...

8.2CVSS6.5AI score0.00299EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.11 views

PT-2025-51148

Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A flaw exists in the Student File Management System that allows for remote code execution. The issue is located in the file /admin/delete user.php and involves the manipulati...

9.8CVSS7.9AI score0.00363EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/12/14 12:0 a.m.5 views

Code-Projects Student File Management System SQL注入漏洞

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...

9.8CVSS7.7AI score0.00363EPSS
Exploits1References7
CVE
CVE
added 2025/12/13 4:32 p.m.23 views

CVE-2025-14621

Summary: CVE-2025-14621 affects Code-Projects’ Student File Management System 1.0. The vulnerability lies in the /admin/update_user.php file where the user_id parameter is not properly validated, enabling SQL injection. Remote exploitation is possible, and an exploit is publicly available. Variou...

9.8CVSS7.2AI score0.00339EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.6 views

Code-Projects Student File Management System SQL注入漏洞

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /admin/updateuser.php. An attacker ca...

9.8CVSS7.9AI score0.00339EPSS
Exploits1References6
NVD
NVD
added 2025/12/12 9:15 p.m.4 views

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

8.7CVSS0.00494EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/12 8:14 p.m.4 views

EUVD-2024-55348

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

8.7CVSS7.1AI score0.00494EPSS
Exploits1References4
CNVD
CNVD
added 2025/12/10 12:0 a.m.7 views

Simple Shopping Cart settings.php File SQL Injection Vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter userid in the file /Customers/settings.php. An attacker can exploit this...

9.8CVSS7AI score0.00282EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/08 3:30 p.m.7 views

EUVD-2025-201716

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...

6.5CVSS6.3AI score0.00282EPSS
Exploits1References6
OSV
OSV
added 2025/12/08 2:16 p.m.10 views

CVE-2025-14246

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...

9.8CVSS5.7AI score0.00282EPSS
Exploits1References5
NVD
NVD
added 2025/12/08 2:16 p.m.10 views

CVE-2025-14246

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...

9.8CVSS0.00282EPSS
Exploits1References5
CVE
CVE
added 2025/12/08 1:32 p.m.19 views

CVE-2025-14246

CVE-2025-14246 affects code-projects Simple Shopping Cart 1.0. The vulnerability is a SQL injection in /Customers/settings.php triggered by manipulating the user_id parameter. Remote exploitation is possible and the exploit has been publicly disclosed. Advisories (CNVD/CNNVD/Red Hat) confirm the ...

9.8CVSS6.7AI score0.00282EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.5 views

Code-Projects Simple Shopping Cart SQL注入漏洞

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter userid in the file /Customers/settings.php. An attacker can exploit this...

9.8CVSS7AI score0.00282EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/29 8:9 a.m.15 views

CVE-2025-13768

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...

8.8CVSS6.8AI score0.00358EPSS
Exploits0References1
OSV
OSV
added 2025/11/28 8:15 a.m.5 views

CVE-2025-13768

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/28 7:31 a.m.15 views

EUVD-2025-199866

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...

7.7CVSS6.4AI score0.00358EPSS
Exploits0References3
Rows per page
Query Builder