Lucene search
+L

1768 matches found

Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.3 views

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

5.8AI score0.01649EPSS
Exploits2References1
CVE
CVE
added 2026/02/16 5:5 p.m.47 views

CVE-2019-25390

CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/11 2:56 p.m.15 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/09 8:11 a.m.10 views

CVE-2025-7799

CVE-2025-7799 describes a Reflected XSS vulnerability in Zirve Information Technologies Inc.’s E-Taxpayer Accounting Website (through 07082025). The issue stems from improper input neutralization during web page generation, enabling attacker-supplied input to be reflected back to the user in the ...

8.6CVSS5.4AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2026/02/08 12:16 a.m.6 views

CVE-2026-2116

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

9.8CVSS0.00381EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/06 10:2 a.m.35 views

CVE-2026-2014 itsourcecode Student Management System index.php sql injection

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS0.00416EPSS
Exploits1References5
Arista
Arista
added 2026/02/03 12:0 a.m.36 views

Security Advisory 0133

Security Advisory 0133 PDF Date: February 3, 2026 Revision | Date | Changes ---|---|--- 1.0 | February 3, 2026 | Initial release Description Several vulnerabilities exist for the Arista Edge Threat Management - Arista NG Firewall NGFW. On affected platforms, an administrative account logged into...

7.2CVSS5.6AI score0.11737EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/30 3:40 p.m.14 views

CVE-2026-1469

Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

6.9CVSS6AI score0.00136EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/26 12:8 p.m.220 views

Exploit for CVE-2026-22686

CVE-2026-22686 Web Application PoC Critical Sandbox Escape...

10CVSS6.2AI score0.00588EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.13 views

PT-2026-4088

Name of the Vulnerable Software and Affected Versions Casey Bisson wpCAS versions through 1.07 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows for the injection of...

5.2AI score0.0018EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/18 3:2 p.m.7 views

CVE-2026-1123

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available an...

9.8CVSS5.3AI score0.00414EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/12 12:0 a.m.7 views

EUVD-2026-1913

Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE Remote Code Execution. The application receives a reverse shell php into imagem of the user enabling RCE...

9.8CVSS6.5AI score0.00791EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.6 views

CVE-2023-25394

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours...

7CVSS6.7AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.9 views

CVE-2023-43744

An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zult...

7.2CVSS8.3AI score0.01988EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/09 12:30 p.m.139 views

Exploit for CVE-2025-66802

CVE-2025-66802 Sourcecodester Covid-19 Contact Tracing System...

9.8CVSS8.8AI score0.00791EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/09 12:22 p.m.8 views

CVE-2018-14387

An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's...

8.8CVSS6.8AI score0.01632EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.6 views

CVE-2021-41861

The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted on both the...

5.5CVSS6.7AI score0.00439EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.9 views

CVE-2021-27479

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...

5.4CVSS6.9AI score0.00539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.8 views

CVE-2021-22002

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in...

9.8CVSS6.9AI score0.01207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.1CVSS7.1AI score0.00713EPSS
Exploits0References1
Rows per page
Query Builder