25077 matches found

Vulnrichment
added 2026/02/27 1:2 a.m., 4 views

CVE-2026-3274 Tenda F453 httpd L7Prot frmL7ProtForm buffer overflow

A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The...

9 CVSS, 7.5 AI score, 0.00937 EPSS
Exploits: 1, References: 5

Cvelist
added 2026/02/27 1:2 a.m., 28 views

CVE-2026-3274 Tenda F453 httpd L7Prot frmL7ProtForm buffer overflow

A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The...

9 CVSS, 0.00937 EPSS
Exploits: 1, References: 5

CVE
added 2026/02/27 1:2 a.m., 21 views

CVE-2026-3274

CVE-2026-3274 affects Tenda F453 firmware version 1.0.0.3. The issue is in the httpd component, specifically the frmL7ProtForm function in /goform/L7Prot, where manipulating the argument page causes a buffer overflow. This can be exploited remotely over the network, and a public exploit is refere...

9 CVSS, 8.5 AI score, 0.00937 EPSS
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2026/02/27 12:32 a.m., 4 views

CVE-2026-3273 Tenda F453 httpd AdvSetWrlsafeset formWrlsafeset buffer overflow

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mitssidindex leads to buffer overflow. The attack can be executed remotely. The exploi...

9 CVSS, 6.4 AI score, 0.00632 EPSS
Exploits: 1, References: 5

CVE
added 2026/02/27 12:32 a.m., 22 views

CVE-2026-3273

The affected product is Tenda F453 1.0.0.3. The vulnerability lies in the httpd component, specifically the function formWrlsafeset in /goform/AdvSetWrlsafeset, where manipulating the mit_ssid_index argument causes a buffer overflow. This can be triggered remotely and a public exploit exists. No ...

9 CVSS, 8.8 AI score, 0.00632 EPSS
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2026/02/27 12:0 a.m., 16 views

PT-2026-22340

Pro3W CMS is vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from...

9.3 CVSS, 5.9 AI score, 0.0047 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/02/27 12:0 a.m., 7 views

Pro3W CMS SQL injection vulnerability

Pro3W CMS is a content management system developed by the Polish company Pro3W. Version 1.2.0 of Pro3W CMS contains an SQL injection vulnerability. This vulnerability stems from improper handling of inputs in the login form, which could allow unauthenticated attackers to bypass authentication and...

9.3 CVSS, 5.9 AI score, 0.0047 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/02/26 10:35 p.m., 4 views

CVE-2026-25930

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/26 10:34 p.m., 7 views

CVE-2026-25743

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...

7.2 CVSS, 5.4 AI score, 0.00165 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/26 10:34 p.m., 6 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5 CVSS, 6.5 AI score, 0.01074 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/26 10:14 a.m., 5 views

CVE-2026-3167

A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The...

9 CVSS, 6.1 AI score, 0.00632 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2026/02/26 4:15 a.m., 5 views

CVE-2025-69231

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript tha...

8.7 CVSS, 5.1 AI score, 0.04197 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/26 4:15 a.m., 7 views

CVE-2026-24847

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare...

6.1 CVSS, 5.6 AI score, 0.00176 EPSS
Exploits: 1, References: 1

NVD
added 2026/02/26 2:16 a.m., 16 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5 CVSS, 0.0026 EPSS
Exploits: 1, References: 2

CVE
added 2026/02/26 1:30 a.m., 15 views

CVE-2026-27943

OpenEMR (versions up to 8.0.0) contains an access control flaw in the eye_exam (eye_mag) view: data is loaded by form_id without verifying the form belongs to the current user’s patient/encounter context. An authenticated user can access or edit any patient’s eye exam by supplying a different for...

6.5 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/02/26 1:30 a.m., 26 views

CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5 CVSS, 0.0026 EPSS
Exploits: 1, References: 2

ATTACKERKB
added 2026/02/26 1:30 a.m., 4 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2026/02/26 1:30 a.m., 6 views

EUVD-2026-8812

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/02/26 1:30 a.m., 4 views

CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 1, References: 2

OSV
added 2026/02/26 1:30 a.m., 6 views

CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5 CVSS, 5.9 AI score, 0.0026 EPSS
Exploits: 1, References: 4