Lucene search
K

512 matches found

OSV
OSV
added 2026/06/29 5:37 a.m.3 views

BIT-APPSMITH-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

9.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.19 views

CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS0.00271EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.8 views

CVE-2026-1607

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References1
CERT
CERT
added 2026/06/02 12:0 a.m.11 views

Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerability

Overview A stored cross-site scripting XSS vulnerability has been discovered in Appsmith, specifically in the CodeMirror based SQL query editor’s autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer level access to a shared PostgreSQL...

6.3CVSS6.2AI score0.00341EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

Projectworlds Gate Pass Management System SQL注入漏洞

The Projectworlds Gate Pass Management System is an open-source boarding pass management system developed by Projectworlds. Version 2.1 of the Projectworlds Gate Pass Management System has a SQL injection vulnerability. This vulnerability stems from the login and password parameters, which are...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/11 4:45 a.m.8 views

CVE-2026-8274 npitre cramfs-tools Directory cramfsck.c do_directory path traversal

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function dodirectory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been...

5.3CVSS5.6AI score0.00173EPSS
Exploits0References8
CVE
CVE
added 2026/05/11 4:45 a.m.26 views

CVE-2026-8274

CVE-2026-8274 affects npitre cramfs-tools up to version 2.1. The vulnerability is in the Directory Handler’s cramfsck.c do_directory function and enables local path traversal. Exploitation requires local access; the vulnerability is disclosed publicly. A fix is available in version 2.2, with patc...

5.3CVSS5.6AI score0.00173EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

cramfs-tools 路径遍历漏洞

cramfs-tools is a compression read-only file system tool developed by Nicolas Pitre. Versions of cramfs-tools 2.1 and earlier contained a path traversal vulnerability, which originated from a function in the Directory Handler component called dodirectory in the cramfsck.c file, which allowed for...

5.3CVSS6AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from insufficient inpu...

9.3CVSS6AI score0.01235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36261

Name of the Vulnerable Software and Affected Versions Fujian Apex LiveBOS versions prior to 2.1 Description A path traversal issue exists in the Endpoint component. A remote attacker can manipulate the filename argument in the '/feed/UploadImage.do' endpoint to access or overwrite files outside t...

7.5CVSS7.2AI score0.00418EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/14 3:37 a.m.2 views

CVE-2026-1607 Surbma | Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/07 10:52 a.m.6 views

CVE-2026-5636

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

6.5CVSS5.7AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 7:45 a.m.16 views

CVE-2026-5635

CVE-2026-5635 affects PHPGurukul Online Shopping Portal Project 2.1. The vulnerability is in the Parameter Handler’s /categorywise-products.php, where manipulating the cid parameter leads to SQL injection. Attacks can be launched remotely and the exploit has been released publicly. Concrete remed...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.11 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

6.5CVSS6.7AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.8 views

PT-2026-30428

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5CVSS6.3AI score0.00255EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “pid” in the...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References6
NVD
NVD
added 2026/03/25 5:16 p.m.9 views

CVE-2026-25457

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through = 2.1...

8.1CVSS0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-25017 WordPress NaturaLife Extensions plugin <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through = 2.1...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25018 WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through = 2.1...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder