Lucene search
+L

1768 matches found

EUVD
EUVD
added 2026/04/02 3:31 p.m.5 views

EUVD-2026-18290

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Open WebUI 授权问题漏洞

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.8.11 had vulnerabilities related to authorization issues, which stemmed from improper access control in tool values...

7.7CVSS5.8AI score0.05271EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 12:0 a.m.21 views

CVE-2026-29909

CVE-2026-29909 affects MRCMS v3.1.2. The /admin/file/list.do endpoint in the file management module is unauthenticated and lacks input validation, enabling remote directory enumeration without credentials. The vulnerability is consistently described across NVD, Red Hat, ENISA EUVD, CVE List, and ...

5.3CVSS5.9AI score0.0041EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.6 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS5.8AI score0.00345EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.13 views

CVE-2021-27489

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...

8.8CVSS7.2AI score0.01291EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 12:30 p.m.6 views

EUVD-2018-21675

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

8.8CVSS6.2AI score0.00337EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/23 6:14 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...

9CVSS6.5AI score0.00549EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/03/20 4:8 p.m.7 views

CVE-2026-22732

A flaw was found in Spring Security. When applications using Spring Security specify HTTP response headers for servlet applications, these headers may not be written. This can lead to a bypass of security policies or information disclosure, potentially allowing an attacker to gain unauthorized...

9.1CVSS5.6AI score0.0048EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/03/12 3:37 p.m.28 views

CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS0.00359EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24834

CVE-2026-2368 An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute… https://t.co/M7UelXEVSF...

7.5CVSS5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 6:31 p.m.8 views

EUVD-2026-10508

Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...

4.6CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 12:0 a.m.34 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/03/09 12:0 a.m.12 views

CVE-2025-70033

CVE-2025-70033 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-79: Improper Neutralization of Input During Web Page Generation in Sunbird-Ed’s portal. CVSSv3.1 base: 5.4 (MEDIUM) with Network attack vector, Low confidentiality and integrity impact, no availability impact; user inter...

5.4CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/05 5:54 a.m.9 views

CVE-2026-27996

CVE-2026-27996 (WordPress Lingvico theme <= 1.0.14) is a Local File Inclusion (LFI) vulnerability caused by improper control of include/require filenames in PHP. Affected software is ThemeREX Lingvico Lingvico (WordPress theme) versions up to and including 1.0.14. The NVD entry and Red Hat/CVE...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:54 a.m.9 views

CVE-2026-27988

CVE-2026-27988 describes an unauthenticated Local File Inclusion in the WordPress ThemeREX Equadio theme (Equadio) <= 1.1.3, caused by improper control of the filename used in Include/Require. The vulnerability could allow an attacker to access local files on the server. Public sources in the ...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.7 views

PT-2026-22825

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

5.8CVSS5.8AI score0.00318EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/02 12:0 a.m.4 views

CVE-2026-26702

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitemreuse.php...

9.8CVSS6AI score0.00553EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 7:28 p.m.4 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3CVSS5.4AI score0.00327EPSS
Exploits1References5
NVD
NVD
added 2026/02/19 4:27 p.m.8 views

CVE-2025-71248

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Rows per page
Query Builder