Lucene search
K

443 matches found

NVD
NVD
added 2026/02/03 3:16 p.m.11 views

CVE-2026-24994

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.7.2...

5.3CVSS0.00187EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/22 12:31 p.m.11 views

Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.6AI score0.00159EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.12 views

PT-2026-3611

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References2
NVD
NVD
added 2026/01/13 10:16 p.m.12 views

CVE-2025-68658

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration Information functionality. An authenticated user with the permission “Configuration...

4.8CVSS0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.3 views

Open Source Point of Sale 跨站脚本漏洞

Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A cross-site scripting vulnerability exists in Open Source Point of Sale versions 3.4.0 and 3.4.1, which stems from a stored cross-site script in the configuration function that could cause an...

4.8CVSS5.6AI score0.0018EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...

6.5CVSS6.5AI score0.00888EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.7 views

CVE-2021-22652

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution...

9.8CVSS6.9AI score0.36845EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.8 views

CVE-2017-18803

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings...

6.2CVSS7.1AI score0.00297EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/01/07 4:31 a.m.7 views

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 CVSS score: 9.3, concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...

9.3CVSS9.1AI score0.00964EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Selea Targa IP OCR-ANPR Camera 访问控制错误漏洞

Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. An access control error vulnerability exists in the Selea Targa IP OCR-ANPR Camera that stems from the use of hard-coded passwords, which could lead to unauthorized configuration access...

9.8CVSS6.7AI score0.00437EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/04 7:22 p.m.5 views

CVE-2025-66208

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

9.8CVSS6.8AI score0.00984EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/17 4:48 p.m.4 views

EUVD-2025-197804

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

7.2CVSS8.5AI score0.00712EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/14 4:54 p.m.10 views

CVE-2025-8430 A user with elevated privileges can inject XSS in the Commands Connectors configuration configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Commands Connectors configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, fr...

6.8CVSS0.00191EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/09 10:29 p.m.8 views

BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...

9.6CVSS8AI score0.00447EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/10/08 8:2 a.m.14 views

CVE-2025-11444

TOTOLINK N600R is affected: the buffer overflow exists in the HTTP Request Handler’s setWiFiBasicConfig function, in /cgi-bin/cstecgi.cgi, triggered by manipulating the wepkey argument. This vulnerability allows remote exploitation and has publicly available PoCs. Affected firmware versions are p...

9CVSS6.8AI score0.00958EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/10/07 7:8 a.m.1 views

SUSE-SU-2025:03456-1 Security update for logback

This update for logback fixes the following issues: - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing bsc1250715...

7CVSS6.7AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-0347

Malware in sbrugna...

10CVSS6.4AI score0.01546EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-1087

Malware in sbrugna...

7.5CVSS6.4AI score0.02386EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-14780

Malware in sbrugna...

6CVSS5.9AI score0.00355EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2021-20524

Malware in sbrugna...

5.4CVSS5.6AI score0.01512EPSS
Exploits1References2
Rows per page
Query Builder