Lucene search
K

1197 matches found

Vulnrichment
Vulnrichment
added 2026/05/01 9:26 a.m.8 views

CVE-2026-7567 Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybelogintemporaryuser function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before...

9.8CVSS5.7AI score0.09246EPSS
Exploits3References7
Cvelist
Cvelist
added 2026/05/01 9:26 a.m.38 views

CVE-2026-7567 Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybelogintemporaryuser function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before...

9.8CVSS0.09246EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36485

Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description The server authentication token is accepted via a GET parameter in the app/Http/Controllers/Server/UniProxyController.php file. This causes the token to be exposed in URLs, such as the endpoint...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.5 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/01 12:0 a.m.5 views

EUVD-2026-26668

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
CVE
CVE
added 2026/05/01 12:0 a.m.14 views

CVE-2026-37504

Affected software/versions: V2Board, prior to 1.7.5. Root cause: The server authentication token is accepted via a GET parameter in app/Http/Controllers/Server/UniProxyController.php, causing the token to appear in URLs like /api/v1/server/UniProxy/user?token=SECRET and be recorded in logs, histo...

7.5CVSS5.8AI score0.00286EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

BigBlueButton 输入验证错误漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.24 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection issue in the get-parameter and logoutURL...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 11:16 p.m.4 views

CVE-2026-41058

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...

8.1CVSS0.00469EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:43 p.m.6 views

CVE-2026-41058

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...

8.1CVSS5.9AI score0.00469EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/21 10:43 p.m.19 views

CVE-2026-41058

WWBN AVideo (open source video platform) is affected in versions 29.0 and below by an incomplete fix for a path-traversal issue in the CloneSite deleteDump parameter. The vulnerability allows an attacker to cause unlink() of arbitrary files via GET parameter ../../ sequences due to missing path-t...

8.1CVSS5.9AI score0.00469EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.4 views

CVE-2026-6488

A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 2:0 a.m.30 views

CVE-2026-6595 ProjectsAndPrograms School Management System HTTP GET Parameter buslocation.php sql injection

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument busid leads to sql...

7.5CVSS0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33690

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus id leads to sql...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/04/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS6.7AI score0.06996EPSS
In wildExploits4References26
EUVD
EUVD
added 2026/04/17 3:31 p.m.3 views

EUVD-2026-23427

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...

7.5CVSS6.8AI score0.00325EPSS
Exploits0References5
NVD
NVD
added 2026/04/17 1:16 p.m.8 views

CVE-2026-6488

A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be...

6.5CVSS0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/17 1:15 p.m.3 views

CVE-2026-6490 QueryMine sms GET Request Parameter deletecourse.php sql injection

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...

7.5CVSS6.8AI score0.00325EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 12:45 p.m.3 views

CVE-2026-6488

A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References4
CVE
CVE
added 2026/04/17 12:45 p.m.10 views

CVE-2026-6488

CVE-2026-6488 affects QueryMine sms, specifically the admin/editcourse.php code path under the GET Request Parameter Handler. The root cause is SQL injection triggered by manipulating the argument ID, allowing remote exploitation. Public exploit appears to be available; the disclosure notes rolli...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the GET request handler not properly returning values when necessary parameters were missing. This allowed the...

7.5CVSS5.8AI score0.00506EPSS
Exploits1References1
Rows per page
Query Builder