Lucene search
K

1797 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 3:50 p.m.9 views

CVE-2026-9210 Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References32
CVE
CVE
added 2026/06/09 3:50 p.m.22 views

CVE-2026-9210

CVE-2026-9210 involves an insufficient input validation vulnerability in NETGEAR routers where listed NETGEAR models allow authenticated administrators on the local network to make unauthorized modifications to router software and functionality. The underlying issue is improper input handling tha...

7.1CVSS5.5AI score0.00216EPSS
Exploits0References32Affected Software1
CVE
CVE
added 2026/06/09 3:50 p.m.18 views

CVE-2026-0416

CVE-2026-0416 affects Netgear RAXE450 and RAXE500 routers. Authenticated administrators on the local network can modify router functionality beyond what is intended via the standard management interface. Documented CVSS shows adjacent access, high privileges, no user interaction, and integrity im...

6.8CVSS5.4AI score0.0018EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/09 3:41 p.m.29 views

CVE-2026-0410 Insufficient input validation in certain NETGEAR routers

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

5.7CVSS0.00219EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47815

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and...

5.7CVSS5.8AI score0.00219EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47820

Name of the Vulnerable Software and Affected Versions NETGEAR router models affected versions not specified Description Insufficient input validation allows an authenticated administrator with local network access to submit crafted input. This action bypasses intended management interface...

6.8CVSS5.2AI score0.0018EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

NETGEAR Routers 代码注入漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a code injection vulnerability, which stems from insufficient input validation in the rbe970 model. This vulnerability could allow administrators who are connected to the local networ...

6.8CVSS5.4AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from the possibility that authenticated administrators who are connected to the local network may gain elevated...

5.7CVSS5.4AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47857

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality...

7.1CVSS5.9AI score0.00216EPSS
Exploits0References34
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Fortinet FortiOS和Fortinet FortiProxy 安全漏洞

Fortinet FortiOS and Fortinet FortiProxy are products of the American company Fortinet. Fortinet FortiOS is a security operating system specifically designed for the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus...

6.7CVSS5.6AI score0.00144EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 3:16 p.m.15 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 2:1 p.m.27 views

CVE-2026-25558

CVE-2026-25558 affects QloApps up to version 1.7.0. The issue is a stored cross-site scripting flaw in the admin file manager, permitting an authenticated administrator to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed event handlers (e.g., onload) in SVGs uploade...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/06 4:17 a.m.13 views

CVE-2026-9197

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS0.00558EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/06 3:28 a.m.8 views

CVE-2026-9594 WP Maps <= 4.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting via 'location_messages' Parameter

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.38 views

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS0.00259EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.9 views

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.45 views

CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS0.00315EPSS
Exploits0References4
CVE
CVE
added 2026/06/06 2:28 a.m.28 views

CVE-2026-2500

The Quick Playground WordPress plugin vulnerability (

4.4CVSS5.4AI score0.00315EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.39 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS0.00659EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.12 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References10
Rows per page
Query Builder