Lucene search
+L

185 matches found

CVE
CVE
added 2026/03/26 4:5 a.m.25 views

CVE-2026-4840

CVE-2026-4840 affects Netcore Power 15AX up to 3.0.0.6938, specifically the Diagnostic Tool Interface’s /bin/netis.cgi function setTools. The issue arises from manipulating the IpAddr argument, enabling an OS command injection. Remote exploitation is possible, and the exploit has been released pu...

9CVSS6.8AI score0.08263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.9 views

PT-2026-26341

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open source discussion platform. Insufficient cleanup in the default Codepen allowed iframes...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/18 6:31 p.m.9 views

EUVD-2025-208833

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00109EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 12:0 a.m.3 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00109EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 12:0 a.m.13 views

CVE-2025-55045

The CVE-2025-55045 issue affects MuraCMS (up to 10.1.10) due to a CSRF flaw in the cUsers.updateAddress function. The vulnerability allows a crafted webpage to cause an authenticated administrator’s browser to submit requests that add, modify, or delete user addresses without proper CSRF token va...

7.1CVSS5.8AI score0.00109EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26083

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

7.1CVSS5.7AI score0.00109EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 11:16 p.m.4 views

CVE-2026-4284

A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of th...

5.8CVSS0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.6 views

CVE-2026-3613

A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly...

8.6CVSS7.5AI score0.00709EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.11 views

D-Link DSL-124 安全漏洞

The D-Link DSL-124 is a wired modem-router integrated device produced by D-Link Corporation. The D-Link DSL-124 ME1.00 version contains a security vulnerability. This vulnerability stems from improper session management, which may allow attackers to execute session hijacking attacks by manipulati...

8.2CVSS5.9AI score0.00129EPSS
Exploits0References3
OSV
OSV
added 2026/02/25 4:2 p.m.8 views

CVE-2026-3189 feiyuchuixue sz-boot-parent download server-side request forgery

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

2.3CVSS5.5AI score0.00212EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.10 views

GCOM EPON 1GE 安全漏洞

GCOM EPON 1GE is a fiber-optic access device developed by GCOM Corporation. The GCOM EPON 1GE ONU C00R371V00B01 version contains a security vulnerability. This vulnerability stems from improper session management, and it could allow attackers to carry out session hijacking attacks by manipulating...

8.1CVSS5.8AI score0.00209EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/22 3:2 p.m.4 views

CVE-2026-2954 Dromara UJCMS ImportDataController import-channel importChanel injection

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

6.5CVSS6.3AI score0.00331EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/21 5:8 a.m.6 views

Insecure Direct Object Reference (IDOR)

spreeapi is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper ownership validation in the guest checkout flow, which allows an attacker to manipulate address ID parameters and bind arbitrary guest addresses to their order...

8.7CVSS5.9AI score0.00599EPSS
Exploits1References11Affected Software1
NVD
NVD
added 2026/02/20 9:19 p.m.10 views

CVE-2026-2856

A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be...

9CVSS0.00642EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/20 9:2 p.m.5 views

CVE-2026-2857 D-Link DWR-M960 Port Forwarding Configuration Endpoint formPortFw sub_423E00 stack-based overflow

A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...

9CVSS8.5AI score0.00863EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/20 9:2 p.m.4 views

CVE-2026-2857

A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...

9CVSS6AI score0.00863EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21287

A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub 462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated...

9CVSS6.3AI score0.00863EPSS
Exploits1References5
OSV
OSV
added 2026/02/12 7:15 a.m.9 views

CVE-2025-15577

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References1
CVE
CVE
added 2026/02/12 6:4 a.m.18 views

CVE-2025-15577

CVE-2025-15577 : An unauthenticated attacker can exploit a URL manipulation vulnerability to achieve arbitrary file read on Valmet DNA Web Tools: C2022 and older. The CVE is rated CRITICAL (CVSSv4.0: AV:N/AC:L/PR:N/UI:N/S:U/VI:N/VC:H/VS:N/VA:N/AT:N/AC:H/E:P) with network access, low complexity, a...

9.2CVSS5.7AI score0.00505EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 6:4 a.m.4 views

CVE-2025-15577

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

9.2CVSS5.7AI score0.00505EPSS
Exploits0References2
Rows per page
Query Builder