Lucene search
K

6486 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46240

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...

5.8AI score0.00547EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

T3 Technology CPE models 安全漏洞

T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. There are security vulnerabilities in the T3 Technology CPE models version 1.0.07 and the T6825G version 1.0.03. These vulnerabilities stem from unrecorded debug CGI endpoints,...

9.6CVSS5.8AI score0.00466EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

T3 Technology CPE models 安全漏洞

T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. The T3 Technology CPE models, including versions v1.0.07, T6825G v1.0.03, and T7281 v1.0.03, contain security vulnerabilities. These vulnerabilities stem from the hardcoded...

9.8CVSS8.4AI score0.00421EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/03 9:41 p.m.22 views

Froxlor's API Authentication bypasses 2FA Authentication

Summary Froxlor's API authentication FroxlorRPC::validateAuth does not enforce Two-Factor Authentication. When a user admin or customer enables 2FA on their account, the web UI correctly requires a TOTP code after password verification. However, the API accepts requests authenticated with only an...

9.8CVSS7.3AI score0.01119EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/06/03 5:35 p.m.35 views

CVE-2026-42840 ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 5:35 p.m.11 views

CVE-2026-42840 ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 5:35 p.m.13 views

EUVD-2026-34157

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 4:13 p.m.10 views

DRUPAL-CONTRIB-2026-041

The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting XSS. This vulnerability is mitigated by the fact that it only affects installations with Checkout commercecheckout enabled, and the "Comments"...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 4:6 p.m.7 views

CVE-2026-20233

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-46081

The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting XSS. This vulnerability is mitigated by the fact that it only affects installations with Checkout commerce checkout enabled, and the "Comments"...

5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a security vulnerability. This vulnerability allows authenticated users to persist arbitrary HTML/JavaScript in customer records’ email or mobile...

5.1CVSS5.5AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References6
NVD
NVD
added 2026/06/02 11:16 p.m.25 views

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS0.00178EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 10:9 p.m.28 views

CVE-2026-25861

CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/02 2:40 p.m.8 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mukhlis Amien in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.6...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/02 12:31 a.m.13 views

EUVD-2026-33835

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45872

Name of the Vulnerable Software and Affected Versions QloApps versions prior to 1.7.0 commit 64e9722 Description The software uses a weak cryptographic algorithm for password hashing. Specifically, the encrypt function in classes/Tools.php utilizes MD5, concatenating a static cookie key with the...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 11:16 p.m.11 views

CVE-2026-10295

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

4.8CVSS0.0012EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 9:45 p.m.20 views

CVE-2026-10295

SourceCodester Customer Review App 1.0 is affected. The vulnerability lies in review_app.py functions add_review, save_review, and get_all_reviews, where manipulating the name/comment argument leads to a local denial of service. The attack requires local access and a public exploit exists. Impact...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References6
OSV
OSV
added 2026/06/01 8:0 a.m.10 views

MAL-2026-5157 Malicious code in @tse-digital/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
Rows per page
Query Builder