Lucene search
K

1352 matches found

EUVD
EUVD
added 2026/06/12 2:26 p.m.10 views

EUVD-2026-36485

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48891

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 11:9 p.m.13 views

nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

5.3AI score0.00013EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47385

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A local user can cause an infinite loop in the kernel context by crafting a self-referential extension where ext-next == &ext with zero in sync count and out sync count. This occurs...

9.8CVSS5.2AI score0.00457EPSS
Exploits1References73
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47542

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

7CVSS5.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.7 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.6AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS5.5AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-9479

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has...

9CVSS8.2AI score0.00589EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS5.6AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS7.8AI score0.00463EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 1:4 p.m.7 views

kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

9.8CVSS6.3AI score0.00311EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.12 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS6.2AI score0.00472EPSS
Exploits0References1
NVD
NVD
added 2026/05/31 1:16 p.m.15 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS0.00472EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/31 12:45 p.m.15 views

EUVD-2026-33503

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS7.8AI score0.00472EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:45 p.m.12 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS7.8AI score0.00472EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/31 12:45 p.m.9 views

CVE-2026-10181 TRENDnet TEW-432BRP formSysCmd stack-based overflow

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS7.8AI score0.00472EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.11 views

PT-2026-45193

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS7.8AI score0.00472EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9346

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...

9CVSS7.5AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.14 views

CVE-2026-9440

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

6.5CVSS6.5AI score0.01364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.10 views

CVE-2026-9460

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

9CVSS7.9AI score0.00751EPSS
Exploits0References1
Rows per page
Query Builder