CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

688 matches found

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS

Exploits1References2

Vulnrichment•added yesterday•5 views

CVE-2026-38581

6.3AI score

Exploits1References2

Nuclei•added 4 days ago•144 views

Telesquare TLR-2005KSH - Remote Command Execution

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through...

8.8CVSS6AI score0.93027EPSS

Exploits8References5

EUVD•added 2026/06/05 12:0 a.m.•5 views

EUVD-2026-34845

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.7AI score0.00039EPSS

Exploits1References2

ATTACKERKB•added 2026/06/05 12:0 a.m.•5 views

CVE-2026-38579

5.6AI score0.00039EPSS

Exploits1References3

GithubExploit•added 2026/06/04 10:24 p.m.•25 views

advisories

Security Advisories - 0dayscyber Public CVE advisories by Jac...

5.7AI score0.00039EPSS

Exploits1

RedhatCVE•added 2026/06/03 4:2 p.m.•6 views

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

7.4CVSS5.7AI score0.0002EPSS

Exploits0References1

NVD•added 2026/06/02 4:16 p.m.•9 views

CVE-2026-10629

7.4CVSS0.0002EPSS

Exploits0References2

ATTACKERKB•added 2026/06/02 2:35 p.m.•6 views

CVE-2026-10629

5.7AI score0.0002EPSS

Exploits0References2

CVE•added 2026/06/02 2:35 p.m.•13 views

CVE-2026-10629

CVE-2026-10629 concerns Verizon IMS SIP signaling lacking IPsec integrity protection. The SIP signaling stack (unspecified Verizon IMS version) reportedly sends SIP messages without ESP encapsulation or Security-Client/Security-Server headers, exposing REGISTER, INVITE, MESSAGE, BYE, UPDATE, and ...

7.4CVSS5.7AI score0.0002EPSS

Exploits0References2

Vulnrichment•added 2026/05/27 8:19 a.m.•6 views

CVE-2026-49002 Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...

9.1CVSS5.8AI score0.0004EPSS

Exploits0References1

CVE•added 2026/05/27 8:19 a.m.•14 views

CVE-2026-49002

CVE-2026-49002 affects ZTE’s ZXUniPOS NDS-LTE product. The issue is a broken access control in the application that allows unauthorized users to access data beyond their permissions (e.g., viewing/modifying configuration information). CVSS metrics indicate a high-severity, network-exploitable fla...

9.1CVSS5.8AI score0.0004EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:33 a.m.•27 views

CVE-2026-49001 Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS0.00018EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:33 a.m.•6 views

CVE-2026-49001 Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product

5.3CVSS5.8AI score0.00018EPSS

Exploits0References1

CVE•added 2026/05/27 7:33 a.m.•9 views

CVE-2026-49001

CVE-2026-49001 describes a CSRF vulnerability in the ZTE ZXUniPOS NDS-LTE product. The vulnerability allows an attacker to abuse a user’s authenticated session to forge unwanted requests, potentially tampering configuration data. According to the metrics, the exploit would have Network attack vec...

5.3CVSS5.8AI score0.00018EPSS

Exploits0References1

CVE•added 2026/05/27 3:38 a.m.•16 views

CVE-2026-49000

Technical details (affected products, components, versions, exploit info) are not publicly available in the provided documents. Monitor for updates from NVD, the CVE List, and vendors.

7CVSS5.9AI score0.00031EPSS

Exploits0References1

CVE•added 2026/05/27 2:25 a.m.•10 views

CVE-2026-48999

CVE-2026-48999 affects the ZTE ZXUniPOS NDS-LTE product. It is a Stored Cross-Site Scripting (XSS) vulnerability where attacker-supplied scripts are stored and executed in a user’s browser when loading affected pages. Impacts stated include cookie theft, session hijacking, and page content tamper...

5.7CVSS5.9AI score0.00033EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•5 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability arises from attackers carefully constructing malicious scripts and injecting them into target systems. When other users access pages...

5.7CVSS5.8AI score0.00033EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•7 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...

7CVSS5.9AI score0.00031EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•5 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability stems from cross-site request forgery, which allows attackers to forge cross-site requests using authenticated user sessions, thereb...

5.3CVSS5.7AI score0.00018EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by