22185 matches found

NVD
added 2026/01/19 12:15 p.m. | 4 views

CVE-2026-1152

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...

9.8 CVSS | 0.00299 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/19 11:32 a.m. | 6 views

CVE-2026-1152

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...

9.8 CVSS | 5.1 AI score | 0.00299 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/19 11:32 a.m. | 7 views

CVE-2026-1152 technical-laohu mpay QR Code Image unrestricted upload

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...

5.8 CVSS | 5.3 AI score | 0.00299 EPSS
Exploits: 1 | References: 4

CVE
added 2026/01/19 11:32 a.m. | 18 views

CVE-2026-1152

The affected software is technical-laohu mpay (versions up to 1.2.4). A vulnerability in the QR Code Image Handler allows manipulation of the codeimg argument that leads to unrestricted file upload. This can be exploited remotely, and public exploits have been disclosed. Remediation per PSIRT/PT ...

9.8 CVSS | 5.3 AI score | 0.00299 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/19 11:32 a.m. | 22 views

CVE-2026-1152 technical-laohu mpay QR Code Image unrestricted upload

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...

5.8 CVSS | 0.00299 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/19 11:30 a.m. | 6 views

CVE-2026-1066

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

8.8 CVSS | 5.3 AI score | 0.0504 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/19 11:15 a.m. | 5 views

CVE-2026-1150

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

8.8 CVSS | 5.7 AI score | 0.0235 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/01/19 10:32 a.m. | 23 views

CVE-2026-1150 Totolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injection

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

6.5 CVSS | 0.0235 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/19 10:29 a.m. | 11 views

CVE-2026-1144

A flaw was found in quickjs-ng. A remote attacker could exploit a use-after-free vulnerability within the Atomics Ops Handler component, specifically in the quickjs.c file. This manipulation could lead to arbitrary code execution, information disclosure, or a denial of service. The exploit for th...

8.8 CVSS | 5.3 AI score | 0.00349 EPSS
Exploits: 1 | References: 11

ATTACKERKB
added 2026/01/19 10:2 a.m. | 4 views

CVE-2026-1149

A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...

8.8 CVSS | 5.3 AI score | 0.02714 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/01/19 10:2 a.m. | 32 views

CVE-2026-1149

CVE-2026-1149 affects Totolink LR350; the flaw is in the POST Request Handler’s /cgi-bin/cstecgi.cgi, in the setDiagnosisCfg function. Crafted input to the ip argument enables remote command injection. Exploit is publicly available and could be used, per sources. Affected version: 9.3.5u.6369_B20...

8.8 CVSS | 5.4 AI score | 0.02714 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/01/19 8:16 a.m. | 8 views

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

8.8 CVSS | 6.1 AI score
Exploits: 0 | References: 9

NVD
added 2026/01/19 8:16 a.m. | 12 views

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

8.8 CVSS | 0.00349 EPSS
Exploits: 1 | References: 9

ATTACKERKB
added 2026/01/19 7:32 a.m. | 3 views

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

8.8 CVSS | 4.9 AI score | 0.00349 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Vulnrichment
added 2026/01/19 7:32 a.m. | 2 views

CVE-2026-1144 quickjs-ng quickjs Atomics Ops quickjs.c use after free

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

7.5 CVSS | 6 AI score | 0.00349 EPSS
Exploits: 1 | References: 9

AlpineLinux
added 2026/01/19 7:32 a.m. | 4 views

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

8.8 CVSS | 6 AI score | 0.00349 EPSS
Exploits: 1 | References: 9

NVD
added 2026/01/19 2:15 a.m. | 7 views

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

9.8 CVSS | 0.0051 EPSS
Exploits: 0 | References: 4

OSV
added 2026/01/19 2:15 a.m. | 2 views

CVE-2026-1131

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

9.8 CVSS | 5.6 AI score | 0.0051 EPSS
Exploits: 0 | References: 4

CVE
added 2026/01/19 1:32 a.m. | 20 views

CVE-2026-1132

CVE-2026-1132 affects Yonyou KSOA 9.0. The vulnerability lies in the HTTP GET Parameter Handler, specifically the /kmf/edit_folder.jsp file, where manipulating the folderid argument enables SQL injection. The exploit appears to be public and exploitable remotely; there is no vendor response or co...

9.8 CVSS | 6.5 AI score | 0.0051 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/01/19 1:23 a.m. | 7 views

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...

9.8 CVSS | 6.3 AI score | 0.00478 EPSS
Exploits: 1 | References: 1