Lucene search

22164 matches found

ATTACKERKB
added 2026/02/09 9:32 a.m. | 6 views

CVE-2026-2226

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 5.2 | EPSS 0.00365
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/09 9:32 a.m. | 5 views

CVE-2026-2226 DouPHP ZIP File file.php unrestricted upload

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 5.2 | EPSS 0.00365
Exploits: 1 | References: 4
Cvelist
added 2026/02/09 4:32 a.m. | 31 views

CVE-2026-2215 rachelos WeRSS we-mp-rss JWT auth.py default key

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | EPSS 0.00268
Exploits: 0 | References: 4
CVE
added 2026/02/09 4:32 a.m. | 14 views

CVE-2026-2215

CVE-2026-2215 affects rachelos WeRSS we-mp-rss up to 1.4.8. The issue concerns improper handling in the JWT Handler’s core/auth.py where manipulating the SECRET_KEY can cause the system to fall back to a default cryptographic key. This enables remote exploitation under high complexity with a netw...

CVSS 6.3 | AI score 4.7 | EPSS 0.00268
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/09 4:32 a.m. | 5 views

CVE-2026-2215 rachelos WeRSS we-mp-rss JWT auth.py default key

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | AI score 5 | EPSS 0.00268
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/09 1:33 a.m. | 7 views

CVE-2026-2209

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotel...

CVSS 6.5 | AI score 6 | EPSS 0.00188
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/09 1:33 a.m. | 4 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

CVSS 5.3 | AI score 4.7 | EPSS 0.00235
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/09 1:33 a.m. | 4 views

CVE-2026-2208

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...

CVSS 6.5 | AI score 4.6 | EPSS 0.00244
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/09 1:33 a.m. | 3 views

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

CVSS 6.9 | AI score 5.3 | EPSS 0.00342
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/09 1:33 a.m. | 6 views

CVE-2026-2206

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

CVSS 8.8 | AI score 6.1 | EPSS 0.00239
Exploits: 0 | References: 1
CNNVD
added 2026/02/09 12:0 a.m. | 5 views

WeRSS Security Vulnerability

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the SECRETKEY parameter in the core/auth.py file of the JWT Handler component, which could lead to the us...

CVSS 6.3 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/09 12:0 a.m. | 5 views

PT-2026-7067

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET KEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | AI score 5 | EPSS 0.00268
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/09 12:0 a.m. | 7 views

PT-2026-7091

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 5.3 | EPSS 0.00365
Exploits: 1 | References: 5
RedhatCVE
added 2026/02/08 7:22 p.m. | 12 views

CVE-2026-2107

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info...

CVSS 8.8 | AI score 6.1 | EPSS 0.00326
Exploits: 1 | References: 1
NVD
added 2026/02/08 2:16 p.m. | 12 views

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVSS 8.6 | EPSS 0.03818
Exploits: 1 | References: 6
Cvelist
added 2026/02/08 2:2 p.m. | 30 views

CVE-2026-2155 D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVSS 8.6 | EPSS 0.03818
Exploits: 1 | References: 6
EUVD
added 2026/02/08 2:2 p.m. | 6 views

EUVD-2026-5794

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVSS 8.6 | AI score 6.8 | EPSS 0.03818
Exploits: 1 | References: 6
OSV
added 2026/02/08 8:15 a.m. | 5 views

CVE-2026-2141

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

CVSS 8.8 | AI score 5.3 | EPSS 0.00362
Exploits: 1 | References: 4
NVD
added 2026/02/08 8:15 a.m. | 6 views

CVE-2026-2141

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

CVSS 8.8 | EPSS 0.00362
Exploits: 1 | References: 4
Cvelist
added 2026/02/08 7:32 a.m. | 31 views

CVE-2026-2141 WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

CVSS 6.5 | EPSS 0.00362
Exploits: 1 | References: 4