572 matches found

CNNVD
added 2025/11/19 12:00 a.m., 5 views

Apache Causeway Security Vulnerability

Apache Causeway is a Java rapid application development framework from the Apache Foundation. Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters when receiving serialized data submitted by the user, which...

CVSS 6.3 | AI score 7.1 | EPSS 0.09442
Exploits 0 | References 3

CNVD
added 2025/11/18 12:00 a.m., 2 views

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...

CVSS 6.5 | AI score 7.8 | EPSS 0.01577
Exploits 1 | References 1

VulnCheck KEV
added 2025/11/18 12:00 a.m., 8 views

VulnCheck KEV: CVE-2020-26948

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.87154
In wild | Exploits 4 | References 80

NVD
added 2025/11/13 4:15 p.m., 7 views

CVE-2025-60688

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack...

CVSS 6.5 | EPSS 0.00519
Exploits 1 | References 3

Cvelist
added 2025/11/13 12:00 a.m., 8 views

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

EPSS 0.03455
Exploits 1 | References 4

CNNVD
added 2025/11/06 12:00 a.m., 4 views

Jellysweep Code Issue Vulnerability

Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...

CVSS 8.9 | AI score 6.8 | EPSS 0.00264
Exploits 0 | References 2

Github Security Blog
added 2025/11/04 2:30 p.m., 10 views

Jellysweep uses uncontrolled data in image cache API endpoint

Impact: The /api/images/cache endpoint, which is used to download media posters from the server, accepted a url parameter, which was passed directly to the cache package, which then downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

CVSS 8.9 | AI score 7 | EPSS 0.00264
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2025/10/31 12:30 a.m., 5 views

EUVD-2020-30816

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVSS 9.4 | AI score 7.1 | EPSS 0.02238
Exploits 0 | References 4

CNVD
added 2025/10/31 12:00 a.m., 2 views

E-Commerce Website supplier_add.php file cross-site scripting vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplieradd.php, which can be exploite...

CVSS 6.1 | AI score 6 | EPSS 0.00356
Exploits 1 | References 1

NVD
added 2025/10/30 10:15 p.m., 5 views

CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVSS 9.4 | EPSS 0.02238
Exploits 0 | References 3

OSV
added 2025/10/30 10:15 p.m., 4 views

CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVSS 8.8 | AI score 6 | EPSS 0.02238
Exploits 0 | References 3

CVE
added 2025/10/30 9:30 p.m., 12 views

CVE-2020-36856

Nagios XI

CVSS 9.4 | AI score 7.2 | EPSS 0.02238
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/10/30 9:30 p.m., 3 views

CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVSS 9.4 | AI score 7.2 | EPSS 0.02238
Exploits 0 | References 3

Positive Technologies
added 2025/10/30 12:00 a.m., 4 views

PT-2025-44462

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.14. Description: Nagios XI versions prior to 5.6.14 have an authenticated remote command execution issue in the command test.php script within the Core Config Manager (CCM). A lack of proper validation of the addres...

CVSS 9.4 | AI score 7.2 | EPSS 0.02238
Exploits 0 | References 5

EUVD
added 2025/10/28 12:31 a.m., 6 views

EUVD-2025-36373

A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplieradd.php. The manipulation of the argument suppname/suppaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3 | AI score 3.8 | EPSS 0.00356
Exploits 1 | References 6

Vulnrichment
added 2025/10/27 10:32 p.m., 3 views

CVE-2025-12333 code-projects E-Commerce Website supplier_add.php cross site scripting

A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplieradd.php. The manipulation of the argument suppname/suppaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3 | AI score 3.9 | EPSS 0.00356
Exploits 1 | References 5

EUVD
added 2025/10/24 6:00 a.m., 4 views

EUVD-2025-35803

The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...

CVSS 2.7 | AI score 6.3 | EPSS 0.00282
Exploits 0 | References 3

Positive Technologies
added 2025/10/24 12:00 a.m., 6 views

PT-2025-43612

Name of the Vulnerable Software and Affected Versions: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions prior to 2.1.5. Description: The software contains a Server-Side Request Forgery issue resulting from inadequate...

CVSS 7.5 | AI score 6.7 | EPSS 0.0035
Exploits 0 | References 9

RedhatCVE
added 2025/10/11 11:20 a.m., 5 views

CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVSS 5.4 | AI score 6.9 | EPSS 0.00318
Exploits 0 | References 1

NVD
added 2025/10/10 11:15 a.m., 4 views

CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVSS 5.4 | EPSS 0.00318
Exploits 0 | References 2