Lucene search
K

22180 matches found

CVE
CVE
added 2026/01/26 4:32 a.m.19 views

CVE-2026-1419

CVE-2026-1419 affects D-Link DCS700l 1.03.09. The issue is a command-injection in the Web Form Handler’s setDayNightMode, triggered by manipulating LightSensorControl. It can be exploited remotely and exploit code is publicly available. Affected component, root cause, and impact are described; no...

7.2CVSS5.4AI score0.15138EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/26 2:15 a.m.5 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

9.8CVSS0.02801EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/26 1:32 a.m.40 views

CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS0.02801EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/26 1:32 a.m.5 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/26 1:15 a.m.5 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS5.6AI score0.03946EPSS
Exploits1References4
NVD
NVD
added 2026/01/26 1:15 a.m.4 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS0.03946EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/26 1:2 a.m.2 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

7.5CVSS5.6AI score0.03946EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/01/26 1:2 a.m.3 views

EUVD-2026-4686

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

7.5CVSS5.6AI score0.03946EPSS
Exploits1References4
CVE
CVE
added 2026/01/26 1:2 a.m.15 views

CVE-2026-1412

Sangfor Operation and Maintenance Security Management System (up to version 3.0.12) is affected by a command injection in the HTTP POST Request Handler, specifically the /fort/audit/get_clip_img function. Exploiting manipulation of the frame/dirno argument enables remote code execution, with the ...

9.8CVSS7.3AI score0.03946EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.6 views

PT-2026-4722

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...

5.8CVSS5.6AI score0.15138EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.13 views

PT-2026-4729

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

5.8CVSS5.5AI score0.0043EPSS
Exploits1References6
NVD
NVD
added 2026/01/25 12:15 p.m.9 views

CVE-2026-1406

A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirec...

5.1CVSS0.00228EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/25 12:2 p.m.7 views

EUVD-2026-4641

A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirec...

5.1CVSS4.8AI score0.00228EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/25 12:2 p.m.4 views

CVE-2026-1406 lcg0124 BootDo Host Header AccessControlFilter.java redirectToLogin

A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirec...

5.1CVSS5.5AI score0.00228EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/25 12:2 p.m.3 views

CVE-2026-1406

A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirec...

5.1CVSS5.5AI score0.00228EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/01/25 2:3 a.m.251 views

Exploit for Improper Input Validation in Intel Ethernet_Diagnostics_Driver_Iqvw32.Sys

iqvw64e-privilege-escalation CVE-2015-2291 Local Privilege Esc...

8.8CVSS6.2AI score0.57474EPSS
Exploits23
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.9 views

PT-2026-4648

A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argument Hostname causes open redirec...

5.1CVSS5.2AI score0.00228EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/24 12:27 p.m.4 views

CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3CVSS5.9AI score0.00669EPSS
Exploits0References2
NVD
NVD
added 2026/01/24 3:16 a.m.6 views

CVE-2026-24469

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

7.5CVSS0.00589EPSS
Exploits0References1
CVE
CVE
added 2026/01/24 1:50 a.m.14 views

CVE-2026-24469

CVE-2026-24469 concerns the C++ HTTP Server (versions 1.0 and below) with a path traversal vulnerability in RequestHandler::handleRequest. The issue stems from failing to sanitize the user-controlled URL path filename before concatenating it to the files_directory base path, enabling an unauthent...

7.5CVSS5.8AI score0.00589EPSS
Exploits0References1
Rows per page
Query Builder