Lucene search
K

2038 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 7:53 a.m.14 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 9:16 p.m.22 views

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS0.00209EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 8:30 p.m.4 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

5.3CVSS6.2AI score0.00209EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/26 8:30 p.m.36 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS0.00209EPSS
Exploits0References7
CVE
CVE
added 2026/05/26 8:30 p.m.27 views

CVE-2026-9581

JeecgBoot

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:30 p.m.11 views

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/26 8:30 p.m.12 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability. This vulnerability stems from improper handling of the LoginController.selectDepart function in the sys/...

7.5CVSS7.1AI score0.00291EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43415

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability caused by improper handling of unknown functions in the /sys/comment/add file. This vulnerability may lead t...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/22 2:17 p.m.16 views

CVE-2021-21508

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

6.7CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 2:17 p.m.23 views

CVE-2021-21508

Dell VxRail: Affected versions before 7.0.200 store passwords in plain text within VxRail Manager, enabling a sys-admin to disclose credentials and access the vulnerable app with the compromised account’s privileges. Impact is credential exposure with high confidentiality and integrity risk (per ...

6.7CVSS5.7AI score0.00117EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...

5.5CVSS6AI score0.00203EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. File system bugs due to corrupted images are not considered a CVE for any filesystem that can only be mounted with CAPSYSADMIN in the initial user namespace. This includes delegated mounting...

6.7AI score
Exploits1References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.8 views

EUVD-2026-29946

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 12:0 a.m.17 views

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.5 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00275EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 6:31 p.m.10 views

EUVD-2026-29110

Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRPMJREITS command interface, which allows any user process to request a PROCESSALLACCESS. Cross reference to KVE 2023-5589 https://krcert.or.kr...

5.8AI score0.00176EPSS
Exploits1References3
NVD
NVD
added 2026/05/11 6:16 p.m.9 views

CVE-2026-3609

Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRPMJREITS command interface, which allows any user process to request a PROCESSALLACCESS. Cross reference to KVE 2023-5589 https://krcert.or.kr...

7.8CVSS0.00176EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 4:25 p.m.37 views

CVE-2026-3609 XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability

Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRPMJREITS command interface, which allows any user process to request a PROCESSALLACCESS. Cross reference to KVE 2023-5589 https://krcert.or.kr...

0.00176EPSS
Exploits1References2
Rows per page
Query Builder