Lucene search
K

1438 matches found

EUVD
EUVD
added 2026/04/09 9:31 p.m.3 views

EUVD-2026-21184

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...

10CVSS7AI score0.02114EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:24 p.m.4 views

CVE-2026-33793

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

8.5CVSS6AI score0.00159EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/04/09 9:16 p.m.8 views

CVE-2026-5978

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. Th...

10CVSS0.01766EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:15 p.m.2 views

CVE-2026-5977

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...

10CVSS7AI score0.02114EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:45 a.m.1 views

CVE-2026-5850

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...

10CVSS7AI score0.15952EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

LobeHub 安全漏洞

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained security vulnerabilities. These vulnerabilities stemmed from the WebAPI authentication layer, which trusted client control headers that had only been XOR-encrypted. This allowed...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.9 views

PT-2026-30955

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1CVSS6AI score0.00214EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 8:20 p.m.1 views

CVE-2026-35466 Stored XSS via unsanitized input from remote service

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services...

5.9AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 6:36 p.m.7 views

EUVD-2026-17952

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

6.5CVSS6.1AI score0.00719EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 6:36 p.m.2 views

EUVD-2026-17955

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization...

8CVSS5.9AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 6:36 p.m.5 views

EUVD-2026-17913

TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cstemodules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially...

9.8CVSS6.7AI score0.00585EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

Cisco Integrated Management Controller 跨站脚本漏洞

The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

4.8CVSS5.7AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29560

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS6.2AI score0.00549EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29554

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

4.8CVSS6.2AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 9:0 p.m.7 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS5.8AI score0.00505EPSS
Exploits0References8
NVD
NVD
added 2026/03/31 3:15 a.m.3 views

CVE-2026-5177

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

8.8CVSS0.02404EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/25 11:49 p.m.2 views

CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/24 9:16 p.m.3 views

CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS6.4AI score0.0024EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 8:2 p.m.5 views

CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 6:29 p.m.27 views

CVE-2026-32317 Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API

Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism...

7.6CVSS0.00062EPSS
Exploits0References2
Rows per page
Query Builder