Lucene search
+L

2198 matches found

EUVD
EUVD
added 2026/05/25 2:15 p.m.10 views

EUVD-2018-21882

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.21 views

CVE-2018-25362

CVE-2018-25362 affects Twitter-Clone 1 with a SQL injection in follow.php via the userid parameter. The vulnerability lets an attacker manipulate queries using union-based or time-based blind payloads to extract sensitive data such as usernames, passwords, and database credentials. Impact is Conf...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-43215

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.8 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/23 6:30 p.m.14 views

EUVD-2018-21865

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/22 1:17 p.m.9 views

CVE-2026-8672 Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS5.8AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 4:30 p.m.13 views

RLSA-2025:23479 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

5.3CVSS6.8AI score0.00284EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 6:17 a.m.11 views

MGASA-2026-0139 Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References10
NVD
NVD
added 2026/05/14 10:16 p.m.27 views

CVE-2026-45248

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...

6.9CVSS0.00356EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 9:36 p.m.8 views

CVE-2026-45248

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...

6.9CVSS5.8AI score0.00356EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 9:36 p.m.5 views

CVE-2026-45248 Hedera Guardian Authentication Bypass Information Disclosure

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...

6.9CVSS6AI score0.00356EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/14 9:36 p.m.53 views

CVE-2026-45248 Hedera Guardian Authentication Bypass Information Disclosure

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...

6.9CVSS0.00356EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 9:36 p.m.21 views

CVE-2026-45248

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in GET /api/v1/demo/registered-users that allows unauthenticated attackers to retrieve usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users. Exploitation detai...

6.9CVSS5.8AI score0.00356EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 9:13 p.m.48 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS0.00479EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 9:13 p.m.8 views

CVE-2026-44671

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/14 9:13 p.m.25 views

CVE-2026-44671

Summary of CVE-2026-44671 (ZITADEL LDAP Filter Injection) : Zitadel’s LDAP IdP parsing fails to escape user-provided usernames in LDAP search filters, enabling unauthenticated users to perform blind LDAP Injection during login. The issue affects Zitadel deployments using LDAP IdP in the following...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/14 9:13 p.m.7 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS6AI score0.00479EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/13 9:52 p.m.12 views

EUVD-2026-30185

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

5.3CVSS5.8AI score0.00318EPSS
Exploits1References1
Rows per page
Query Builder