
149 matches found

Cvelist
added 2026/02/06 4:2 a.m., 27 views

CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

6.9 CVSS, 0.0036 EPSS
Exploits 0, References 5

CNNVD
added 2026/02/06 12:0 a.m., 7 views

NanoCMS security vulnerability

NanoCMS is a lightweight content management system developed by kalyan02. Versions of NanoCMS prior to 0.4 contained security vulnerabilities, which were caused by incorrect handling of the file /data/pagesdata.txt, potentially leading to direct requests...

7.5 CVSS, 6.1 AI score, 0.0036 EPSS
Exploits 0, References 5

CNNVD
added 2026/01/23 12:0 a.m., 5 views

ALGO 8180 IP Audio Alerter security vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a security vulnerability; this vulnerability stems from the web-based user interface, which allows direct requests for URLs, potentially leading to information leakage...

7.5 CVSS, 6 AI score, 0.00659 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/09 10:52 a.m., 8 views

CVE-2022-42953

Certain ZKTeco products ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 ZEM500-510-560-760, ZEM600-800, ZEM720 and 15.00 ZMM200-220-210. The...

7.5 CVSS, 6.6 AI score, 0.04834 EPSS
Exploits 5, References 1

CNNVD
added 2025/11/26 12:0 a.m., 5 views

OneUptime authorization issue vulnerability

OneUptime is a comprehensive solution from OneUptime Open Source for monitoring and managing your online services. An authorization issue vulnerability exists in OneUptime version 9.0.5598 that stems from a low-privileged user being able to create a new account via a direct API request, which...

8.8 CVSS, 6.4 AI score, 0.00269 EPSS
Exploits 1, References 2

NVD
added 2025/11/25 7:15 p.m., 5 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

9.8 CVSS, 0.00332 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/11/25 12:0 a.m., 5 views

PT-2025-48071

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

6.9 AI score, 0.00332 EPSS
Exploits 0, References 3

EUVD
added 2025/10/28 9:17 a.m., 9 views

EUVD-2025-36443

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...

7.6 CVSS, 6.3 AI score, 0.00309 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-4866

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.01393 EPSS
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 10 views

EUVD-2017-16632

Malware in sbrugna...

5.3 CVSS, 5.5 AI score, 0.0072 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2006-0914

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01336 EPSS
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2006-5366

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01118 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-2661

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01566 EPSS
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2003-1274

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01388 EPSS
Exploits 0, References 6

Vulnrichment
added 2025/10/05 3:32 a.m., 4 views

CVE-2025-11280 Frappe LMS Assignment Picture files direct request

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

6.3 CVSS, 6.1 AI score, 0.00445 EPSS
Exploits 1, References 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-25746

Malicious code in bioql PyPI...

5.4 CVSS, 6.6 AI score, 0.002 EPSS
Exploits 0, References 2

NVD
added 2025/09/22 1:16 p.m., 17 views

CVE-2025-59797

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...

5.8 CVSS, 0.00251 EPSS
Exploits 0, References 2

Cvelist
added 2025/09/22 12:0 a.m., 11 views

CVE-2025-59797

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...

5.8 CVSS, 0.00251 EPSS
Exploits 0, References 2

NVD
added 2025/09/12 5:15 a.m., 5 views

CVE-2025-10287

A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from remote. A high complexi...

3.1 CVSS, 0.00226 EPSS
Exploits 0, References 4

Positive Technologies
added 2025/09/12 12:0 a.m., 8 views

PT-2025-37285

Name of the Vulnerable Software and Affected Versions: roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40 Description: A vulnerability exists in roncoo-pay that allows for direct request manipulation. The issue is related to the /auth/orderQuery file and an unknown function...

3.1 CVSS, 3.9 AI score, 0.00226 EPSS
Exploits 0, References 7