Lucene search
K

217 matches found

CNNVD
CNNVD
added 2026/04/10 12:0 a.m.5 views

WordPress plugin Webling 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00277EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30708

Name of the Vulnerable Software and Affected Versions Anthropic Claude Code CLI and Claude Agent SDK affected versions not specified Description Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in authentication helper execution. Helper configuration values are...

9.8CVSS6.1AI score0.00596EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/04/03 3:33 a.m.5 views

Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

Summary The GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network...

7.2CVSS6AI score0.00289EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/03/30 6:31 p.m.2 views

EUVD-2026-17129

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

5.3CVSS5.9AI score0.0041EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.3 views

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

5.3CVSS5.9AI score0.0041EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/11 3:43 a.m.4 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References5
OSV
OSV
added 2026/03/11 12:9 a.m.4 views

GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files

When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...

8.5CVSS6.5AI score0.00712EPSS
Exploits1References5
OSV
OSV
added 2026/03/10 6:18 p.m.4 views

CVE-2026-25570

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial of service...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 5:16 p.m.6 views

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

9.8CVSS0.01704EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/27 9:31 p.m.8 views

EUVD-2018-21615

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.1AI score0.00404EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.7 views

openDCIM 操作系统命令注入漏洞

openDCIM is an open-source data center inventory management DCIM application. Version 23.04 of openDCIM contains a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation or cleanup of user input in the reportnetworkmap.php file, which may...

9.8CVSS5.8AI score0.05648EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/02/26 12:0 a.m.24 views

CVE-2025-56605

A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...

0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:5 p.m.4 views

CVE-2026-25814

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

9.3CVSS5.4AI score0.00337EPSS
Exploits0References2
NVD
NVD
added 2026/01/27 5:16 p.m.5 views

CVE-2025-65264

The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...

5.5CVSS0.00177EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.8 views

ALGO 8180 IP Audio Alerter: Cross-site scripting vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a cross-site scripting vulnerability. This vulnerability stems from the lack of validation of user input during the system log viewing function, which may lead to storage-based cross-site...

6.1CVSS5.9AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3554

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter...

5.1CVSS5.5AI score0.00262EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/12 11:28 a.m.6 views

CVE-2025-40977 Multiple vulnerabilities in WorkDo products

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...

5.1CVSS5AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.5 views

CVE-2023-40800

The compareparentcontroltime function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...

8.8CVSS7.4AI score0.00787EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.14 views

CVE-2025-66203

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

9.9CVSS7.5AI score0.00671EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/12/10 12:0 a.m.157 views

📄 YOURLS 1.8.2 SQL Injection

Proof of concept for a remote SQL injection vulnerability in YOURLS version 1.8.2. ============================================================================================================================================= | Title : YOURLS 1.8.2 SQL Injection & System Compromise in Administrati...

7.4CVSS8.2AI score0.01994EPSS
Exploits5
Rows per page
Query Builder