Lucene search
K

660 matches found

Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.3 views

PT-2026-26855

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback update user wechatshop info permissions check only validating that the supplied 'openid' parameter corresponds to ...

5.3CVSS5.9AI score0.00324EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.7 views

WordPress plugin REST API TO MiniProgram 输入验证错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00324EPSS
Exploits0References7
NVD
NVD
added 2026/03/18 9:16 p.m.4 views

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS0.00432EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/18 8:37 p.m.15 views

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS0.00432EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/18 8:37 p.m.2 views

EUVD-2026-12960

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 8:37 p.m.3 views

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 8:37 p.m.4 views

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References4
CVE
CVE
added 2026/03/18 8:37 p.m.11 views

CVE-2026-32321

ClipBucket v5.x prior to 5.5.3 #80 contains an authenticated time-based blind SQL injection in the actions/ajax.php endpoint. The vulnerability arises from insufficient input sanitization of the userid parameter, enabling an authenticated attacker to execute arbitrary SQL queries, leading to full...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.3 views

PT-2026-26155

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

ClipBucket SQL注入漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 80 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the userid parameter input...

8.8CVSS5.9AI score0.00432EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Tiandy Integrated Management Platform SQL注入漏洞

Tiandy Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. Version 7.17.0 of Tiandy Integrated Management Platform contains a SQL injection vulnerability. This vulnerability stems from improper handling of the parameter...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/15 8:2 a.m.36 views

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5CVSS0.00275EPSS
Exploits0References5
CVE
CVE
added 2026/03/15 8:2 a.m.11 views

CVE-2026-4171

CVE-2026-4171 affects CodeGenieApp serverless-express up to 4.17.1. The vulnerability involves the authorization of a TodoList.ts endpoint (examples/lambda-function-url/packages/api/models/TodoList.ts) where manipulating the userId bypasses authorization. It is exploitable remotely and has public...

6.5CVSS6AI score0.00275EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/15 8:2 a.m.3 views

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5CVSS5.3AI score0.00275EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.5 views

PT-2026-25543

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5CVSS5.3AI score0.00275EPSS
Exploits0References8
OSV
OSV
added 2026/03/12 2:48 p.m.9 views

BIT-PARSE-2026-30967 Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References4
OSV
OSV
added 2026/03/11 12:21 a.m.8 views

GHSA-FR88-W35C-R596 Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Impact The OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/11 12:21 a.m.6 views

EUVD-2026-10885

Parse Server OAuth2 authentication adapter account takeover via identity spoofing...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 12:21 a.m.3 views

Insufficiently Protected Credentials

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the OAuth2 authentication process when the useridField option is not set. An attacke...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 9:16 p.m.6 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8CVSS0.00333EPSS
Exploits0References3
Rows per page
Query Builder