122335 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
CVE-2026-11851
CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...
EUVD-2026-44584
Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...
CVE-2026-61520
The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...
CVE-2026-15410
Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...
CVE-2026-56196
Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network...
CVE-2026-50499
Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...
CVE-2026-15058
CVE-2026-15058 concerns Devolutions Server (versions 2026.2.11 and 2026.1.22) with an improper authorization flaw in the secure messages deletion endpoint. An authenticated user can delete another user’s messages by manipulating a direct object reference to the message identifier. The connected d...
CVE-2026-62659
CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...
CVE-2026-15429
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...
CVE-2026-55651
Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...
CVE-2026-11944
CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...
CVE-2025-43892
Fortinet FortiOS is affected by CVE-2025-43892: a buffer over-read in FortiOS 7.6.0–7.6.2, 7.4.0–7.4.8, and 7.2 all versions. An authenticated remote attacker could cause the device to return a portion of memory in the redirect response by submitting a specially crafted request. The CVSSv3.1 vect...
CVE-2026-9127
Summary: CVE-2026-9127 affects Studio 5000 Logix Designer®. The issue: incorrect authorization on a configuration file allows any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could point the configuration to a malicious exec...
CVE-2025-40945
A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...
CVE-2025-40945
CVE-2025-40945 affects multiple Siemens/Siemens Digital Industries software (e.g., COMOS, Designcenter NX, Simcenter suite, Solid Edge, Teamcenter Visualization, Tecnomatix, etc.) across numerous versions. The vulnerability is described as an untrusted search path in the IAM Client SDK that may a...
CVE-2025-40945
A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...
Online Event Booking and Reservation System 2.3.0 - SQL Injection
Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39109 info: name: rConf...
Woo Bulk Price Update <2.2.2 - Cross-Site Scripting
The Woo Bulk Price Update WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the technogetproducts action, which can only be triggered by an authenticated user. id: CVE-2023-28665 info: name: Woo Bulk Price Update 2.2.2 -...