
38584 matches found

EUVD
added 2026/04/06 6:33 p.m. | 4 views

EUVD-2026-19315

A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to...

CVSS 7.5 | AI score 6.8 | EPSS 0.00319
Exploits: 0 | References: 6

NVD
added 2026/04/06 4:16 p.m. | 6 views

CVE-2026-5665

A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to...

CVSS 7.5 | EPSS 0.00319
Exploits: 0 | References: 5

Snyk
added 2026/04/06 4:10 p.m. | 3 views

Improper Encoding or Escaping of Output

Overview: glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Website field in the supplier component. An attacker can execu...

CVSS 8.6 | AI score 6.1 | EPSS 0.0028
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/06 11:52 a.m. | 2 views

CVE-2026-31406

A flaw was found in the Linux kernel, specifically within its xfrm (IP eXtensible FRamework) component. This vulnerability arises from a race condition during network cleanup, where a scheduled task natkeepalivework can be re-activated and attempt to operate on memory that has already been freed...

CVSS 7.8 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/06 10:57 a.m. | 4 views

CVE-2026-35562

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

CVSS 8.7 | AI score 5.9 | EPSS 0.00379
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/06 12:0 a.m. | 1 views

CVE-2026-31059

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

AI score 6.2 | EPSS 0.00901
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 4 views

PT-2026-30617

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 6.3 | EPSS 0.00901
Exploits: 1 | References: 3

Cvelist
added 2026/04/06 12:0 a.m. | 21 views

CVE-2026-31059

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

EPSS 0.00901
Exploits: 1 | References: 1

CNNVD
added 2026/04/06 12:0 a.m. | 7 views

UTT 520W Security Vulnerability

UTT 520W is a wireless router produced by China's UTTE Corporation. The UTT 520W v3v1.7.7-180627 version contains a security vulnerability. This vulnerability stems from issues with the /goform/formDia component, which may allow for remote command execution, potentially enabling the execution of...

CVSS 9.8 | AI score 6 | EPSS 0.00901
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 6 views

PT-2026-30746

Name of the Vulnerable Software and Affected Versions: AWS Research and Engineering Studio (RES) versions prior to 2026.03. Description: An issue exists in the session creation component of AWS Research and Engineering Studio (RES) where unsanitized control of user-modifiable attributes could allow an...

CVSS 8.8 | AI score 5.9 | EPSS 0.00841
Exploits: 1 | References: 8

CVE
added 2026/04/05 9:15 p.m. | 11 views

CVE-2026-5597

The CVE-2026-5597 entry concerns griptape-ai griptape v0.19.4. Affects the ComputerTool component (griptape\tools\computer\tool.py) where manipulation of the argument filename can cause a path traversal. It is possible to exploit remotely; the exploit has been published. Exploit maturity is repor...

CVSS 6.5 | AI score 6.2 | EPSS 0.00422
Exploits: 0 | References: 4

CVE
added 2026/04/05 8:45 p.m. | 8 views

CVE-2018-25256

CVE-2018-25256 affects IP TOOLS 2.50, specifically the SNMP Scanner component. A local buffer overflow can be triggered by oversized input in the From Addr and To Addr fields, crashing the application when Start is clicked and causing a denial of service via an SEH overwrite. The description in t...

CVSS 6.8 | AI score 6.2 | EPSS 0.00202
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/05 3:0 p.m. | 23 views

CVE-2026-5575 SourceCodester/jkev Record Management System Login index.php sql injection

A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The...

CVSS 7.5 | EPSS 0.00271
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/05 2:45 p.m. | 1 views

CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

CVSS 6.9 | AI score 6.2 | EPSS 0.00544
Exploits: 1 | References: 4

CNNVD
added 2026/04/05 12:0 a.m. | 7 views

IP TOOLS Buffer Error Vulnerability

IP TOOLS is a tool provided by the IP TOOLS company for viewing IP addresses. Version 2.50 of IP TOOLS contains a buffer overflow vulnerability. This vulnerability stems from a local buffer overflow in the SNMP Scanner component, which could allow local attackers to cause the application to crash...

CVSS 6.8 | AI score 6.1 | EPSS 0.00202
Exploits: 1 | References: 3

RedhatCVE
added 2026/04/03 11:2 p.m. | 4 views

CVE-2026-5360

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

CVSS 6.3 | AI score 5.1 | EPSS 0.00427
Exploits: 0 | References: 1

NVD
added 2026/04/03 10:16 p.m. | 3 views

CVE-2026-28797

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

CVSS 8.8 | EPSS 0.00386
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/03 9:41 p.m. | 2 views

CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

CVSS 8.7 | AI score 6.2 | EPSS 0.00386
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/03 7:49 p.m. | 5 views

CVE-2026-23451

A flaw was found in the Linux kernel's bonding component. When a specific network configuration involving a stack of two bonding devices is set up, the bondheaderparse function can enter an infinite loop. This vulnerability can lead to a Denial of Service (DoS), making the affected system...

CVSS 7.5 | AI score 5.9 | EPSS 0.00446
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/03 6:47 p.m. | 4 views

CVE-2026-23460

A flaw was found in the Linux kernel's net/rose component. A local user can trigger a NULL pointer dereference by calling connect a second time while a connection attempt is already in progress. This improper handling of concurrent connection attempts can lead to a system crash, resulting in a...

AI score 5.9 | EPSS 0.00123
Exploits: 0 | References: 4