12 matches found

Nuclei
added yesterday, 9 views

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints; exploitation requires a crafted request URL containing 'api/public id: CVE-2026-39339 info: name:...

CVSS 9.1, AI score 5.8, EPSS 0.01351
Exploits 0, References 1
CVE
added 2026/05/08 3:41 p.m., 16 views

CVE-2026-41885

CVE-2026-41885 affects i18next-locize-backend prior to version 9.0.2. The issue arises when the backend interpolates values (lng, ns, projectId, version) directly into URL templates (loadPath/privatePath/addPath/updatePath/getLanguagesPath) without encoding or validation, enabling user-controlled...

CVSS 6.5, AI score 5.7, EPSS 0.00224
Exploits 0, References 1
EUVD
added 2026/05/07 8:09 p.m., 9 views

EUVD-2026-28438

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

CVSS 6.5, AI score 5.8, EPSS 0.00251
Exploits 0, References 2
Positive Technologies
added 2026/04/28 12:00 a.m., 6 views

PT-2026-35775

Vulnerable software and affected versions: OpenClaw versions prior to 2026.3.31. Description: Insufficient sanitization of the PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts allows attackers to redirect Python package-index traffic. This can lead to the...

CVSS 6.1, AI score 5.8, EPSS 0.00125
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-25273

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.4, EPSS 0.00182
Exploits 0, References 5
OSV
added 2020/11/16 4:15 p.m., 3 views

CVE-2020-27627

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection...

CVSS 6.1, AI score 6.4, EPSS 0.00724
Exploits 0, References 2
BDU FSTEC
added 2020/10/07 12:00 a.m., 6 views

The xdg-utils vulnerability stems from a lack of input sanitization, allowing an attacker to execute arbitrary code within the application context.

The vulnerability in the xdg-utils package is related to a lack of input sanitization. Exploiting it allows a remote attacker to execute arbitrary code within the application by injecting commands into the URL...

CVSS 7.3, AI score 8.1, EPSS 0.03256
Exploits 1, References 3, Affected Software 1
CNVD
added 2020/01/22 12:00 a.m., 3 views

Unspecified Vulnerability in Comtech Telecommunications Stampede FX-1010

Comtech Telecommunications Stampede FX-1010 is a data center product from Comtech Telecommunications. A security vulnerability exists in the Comtech Telecommunications Stampede FX-1010 version 7.4.3. An attacker can exploit the vulnerability by navigating to the Fetch URL page and injecting shell...

CVSS 9, AI score 7.1, EPSS 0.04244
Exploits 1, References 1
RedHat Linux
added 2019/06/11 3:32 p.m., 4 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9, AI score 5.6, EPSS 0.00927
Exploits 0, References 4
RedHat Linux
added 2019/06/10 4:39 p.m., 4 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9, AI score 5.6, EPSS 0.00927
Exploits 0, References 4
OSV
added 2017/12/14 4:29 p.m., 3 views

CVE-2017-17534

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521...

CVSS 8.8, AI score 5.8, EPSS 0.0122
Exploits 0, References 1
CNVD
added 2015/10/08 12:00 a.m., 1 view

IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management Cross-Site Scripting Vulnerability

IBM Emptoris Strategic Supply Management Platform is a strategic supply management solution from IBM that helps organizations maximize cost savings, improve supplier performance and reduce risk. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management Platform and...

CVSS 3.5, AI score 6.5, EPSS 0.00783
Exploits 0, References 1