Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/11/18 3:5 a.m.21 views

CVE-2025-10460

A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...

9.4CVSS8.2AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:18 a.m.5 views

CVE-2024-29661

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload...

9.8CVSS7.5AI score0.00674EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.9 views

CVE-2024-28679

DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via Photo Collection...

6.1CVSS6.1AI score0.00472EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/04 3:58 p.m.5 views

CVE-2025-32127 WordPress onOffice for WP-Websites plugin <= 5.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows SQL Injection.This issue affects onOffice for WP-Websites: from n/a through = 5.7...

7.6CVSS8.9AI score0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/10 4:19 p.m.13 views

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

6.8AI score0.00818EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-27184 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.112-UTF8 Description: A vulnerability has been found in DedeCMS, affecting an unknown functionality of the file update guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can...

7.5CVSS4.6AI score0.00915EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.6 views

PT-2023-27681 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to and including 5.7.110 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located at the "/dede/vote add.php" API endpoint via the votename and voteitem1...

5.4CVSS5.5AI score0.00387EPSS
Exploits1References3
OSV
OSV
added 2021/06/28 1:15 a.m.4 views

CVE-2021-20749

Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

5.4CVSS6.2AI score0.00989EPSS
Exploits0References3
NCSC
NCSC
added 2021/01/19 12:0 a.m.5 views

Vulnerability fixed in McAfee Agent

McAfee has fixed a vulnerability in McAfee Agent. Due to a flaw in the permissions structure, a local malicious agent can disrupt the operation of Agent by manipulating a directory used by Agent used for temporary files. The result of this is that Agent continues to work, but no longer processes...

5.5CVSS6.7AI score0.00354EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/08/19 2:10 p.m.5 views

mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS7.3AI score0.01878EPSS
Exploits0References5
CNVD
CNVD
added 2016/07/21 12:0 a.m.10 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05392)

Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by an unauthenticated, local attacker to affect availability...

4.9CVSS7.5AI score0.02213EPSS
Exploits0References1
Rows per page
Query Builder