Lucene search

1395 matches found

CNNVD
added 2025/07/22 12:0 a.m. | 5 views

WordPress plugin Latest Post Accordian Slider Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Latest Post Accordian Slider plugin, which stems from a lack of random number validation on the lpaccordian...

6.1 CVSS | 6.7 AI score | 0.00117 EPSS
Exploits 0 | References 4
CNNVD
added 2025/07/22 12:0 a.m. | 1 views

WordPress plugin Website Contact Form With File Upload Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...

9.8 CVSS | 7.6 AI score | 0.03257 EPSS
Exploits 1 | References 9
CNVD
added 2025/07/21 12:0 a.m. | 3 views

Zoo Management System /admin/index.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...

9.8 CVSS | 7.9 AI score | 0.01721 EPSS
Exploits 1 | References 1
CNVD
added 2025/07/18 12:0 a.m. | 3 views

Online Appointment Booking System ulocateus.php File SQL Injection Vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that stems from an error in the parameter doctorname in the file /ulocateus.php that lacks validation of externally entered SQL statements. An...

9.8 CVSS | 8.2 AI score | 0.00394 EPSS
Exploits 1 | References 1
CNVD
added 2025/07/18 12:0 a.m. | 2 views

Mobile Shop EditMobile.php File SQL Injection Vulnerability

Mobile Shop is a mobile store. Mobile Shop suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /EditMobile.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to...

9.8 CVSS | 8.2 AI score | 0.00399 EPSS
Exploits 1 | References 1
CNVD
added 2025/07/18 12:0 a.m. | 2 views

Modern Bag product-update.php file SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...

9.8 CVSS | 8.2 AI score | 0.00394 EPSS
Exploits 1 | References 1
OSV
added 2025/07/12 5:15 a.m. | 4 views

CVE-2025-6058

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitra...

9.8 CVSS | 6.5 AI score | 0.05649 EPSS
Exploits 2 | References 3
CNNVD
added 2025/07/10 12:0 a.m. | 2 views

Code-Projects Library System Code Issue Vulnerability

Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /user/teacher/profile.php. An attacker can exploit this vulnerability to upload malicious files...

8.8 CVSS | 6.7 AI score | 0.00311 EPSS
Exploits 1 | References 7
CNNVD
added 2025/07/08 12:0 a.m. | 3 views

Frappe Technologies Frappe Authorization Issue Vulnerability

Frappe Technologies Frappe is a Python, MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. Frappe Technologies Frappe suffers from an authorization issue vulnerability that stems from a lack of server-side validation, which could lead to...

6.9 CVSS | 6.6 AI score | 0.00299 EPSS
Exploits 0 | References 3
CNVD
added 2025/07/07 12:0 a.m. | 2 views

Simple forum code issue vulnerability

Simple forum is a simple forum. Simple forum has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter File in the file /forum1.php. An attacker can exploit this vulnerability to upload malicious files...

8.8 CVSS | 6.7 AI score | 0.00308 EPSS
Exploits 1 | References 1
CNVD
added 2025/07/04 12:0 a.m. | 1 views

Library System add-book.php file code issue vulnerability

Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /add-book.php. An attacker can exploit this vulnerability to upload malicious files...

9.8 CVSS | 7.3 AI score | 0.00325 EPSS
Exploits 1 | References 1
CNVD
added 2025/07/04 12:0 a.m. | 1 views

Car Rental System add_cars.php File SQL Injection Vulnerability

Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter carname in the file /admin/addcars.php. An attacker can use this vulnerability to execute illegal S...

9.8 CVSS | 8 AI score | 0.00399 EPSS
Exploits 1 | References 1
CNNVD
added 2025/07/01 12:0 a.m. | 4 views

Janssen Security Vulnerability

Janssen is an open source user authentication component from the Janssen Project Open Source. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...

8.2 CVSS | 6.3 AI score | 0.00343 EPSS
Exploits 0 | References 5
CNVD
added 2025/06/27 12:0 a.m. | 2 views

Simple Pizza Ordering System saveorder.php File SQL Injection Vulnerability

Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /saveorder.php. An attacker can exploit this...

9.8 CVSS | 8 AI score | 0.00399 EPSS
Exploits 1 | References 1
CNVD
added 2025/06/27 12:0 a.m. | 2 views

Inventory Management System editBrand.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editBrandStatus in file /phpaction/editBrand.php. An attacker can...

9.8 CVSS | 7.9 AI score | 0.00394 EPSS
Exploits 1 | References 1
CNVD
added 2025/06/27 12:0 a.m. | 1 views

Simple Online Hotel Reservation System index.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file...

9.8 CVSS | 8.2 AI score | 0.00394 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2025/06/25 5:15 p.m. | 5 views

CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due to a lack of file validation checks tha...

10 CVSS | 6.2 AI score | 0.09805 EPSS
Exploits 3 | References 2 | Affected Software 1
CNNVD
added 2025/06/25 12:0 a.m. | 2 views

Code-Projects Inventory Management System Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editBrandStatus in file /phpaction/editBrand.php. An attacker can...

9.8 CVSS | 8.2 AI score | 0.00394 EPSS
Exploits 1 | References 6
RedHat Linux
added 2025/06/23 3:3 a.m. | 6 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

6.1 CVSS | 5.7 AI score | 0.00361 EPSS
Exploits 0 | References 6
CNNVD
added 2025/06/23 12:0 a.m. | 2 views

PHPGurukul Pre-School Enrollment System Project Security Vulnerability

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-teacher-pic.php when processing directory requests, and c...

7.5 CVSS | 6.7 AI score | 0.00796 EPSS
Exploits 1 | References 2