Lucene search
K

275 matches found

NVD
NVD
added 2026/04/26 10:17 p.m.6 views

CVE-2018-25284

HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File Options Save dialog's...

6.9CVSS0.00182EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/25 7:15 p.m.40 views

CVE-2026-6995 BDCOM P3310D New User index.asp cross site scripting

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

4.8CVSS0.00245EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/11 3:1 p.m.110 views

Exploit for CVE-2026-39866

CVE-2026-39866 — Command Injection via unquoted workflow dispa...

6.1AI score0.02349EPSS
Exploits2
Cvelist
Cvelist
added 2026/04/09 3:38 p.m.25 views

CVE-2026-39941 ChurchCRM has an XSS vulnerability

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via a the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

5.3CVSS0.00263EPSS
Exploits1References3
OSV
OSV
added 2026/04/06 9:25 p.m.4 views

CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

8.7CVSS7.5AI score0.00994EPSS
Exploits1References5
NVD
NVD
added 2026/04/06 5:17 p.m.11 views

CVE-2026-34989

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS0.00297EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 4:25 p.m.2 views

CVE-2026-34989 CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS5.8AI score0.00297EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 31.0.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when users updated their profile names, which could lead to...

9.4CVSS5.7AI score0.00297EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.10 views

PT-2026-30745

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions 2025.03 through 2025.12.01 Description An issue exists in the virtual desktop session name handling that could allow a remote authenticated actor to execute arbitrary commands as root on the...

8.8CVSS6.2AI score0.00994EPSS
Exploits1References10
Veracode
Veracode
added 2026/04/04 5:24 a.m.11 views

Improper Privilege Management

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...

9.4CVSS5.9AI score0.00297EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.3 views

CVE-2026-34559

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

9.1CVSS5.7AI score0.00324EPSS
Exploits1References1
NVD
NVD
added 2026/04/01 10:16 p.m.6 views

CVE-2026-34559

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

9.1CVSS0.00324EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:20 p.m.1 views

CVE-2026-34559

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

9.1CVSS5.7AI score0.00324EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/27 4:16 p.m.6 views

CVE-2026-30527

A Stored Cross-Site Scripting XSS vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. Whe...

5.4CVSS0.00229EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/27 12:0 a.m.22 views

CVE-2026-30527

A Stored Cross-Site Scripting XSS vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. Whe...

0.00229EPSS
Exploits1References1
CVE
CVE
added 2026/03/25 6:49 p.m.23 views

CVE-2026-27602

Modoboa contains an OS command injection vulnerability (CWE-like) due to exec_cmd paths using subprocess with shell=True and unsanitized domain/input values. In modoboa/lib/sysutils.py and related sinks (DKIM domain handling, mailbox rename, sa-learn, doveadm, rrdtool, webmail operations), domain...

7.2CVSS5.9AI score0.00566EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/25 6:49 p.m.5 views

CVE-2026-27602 Modoboa has an OS Command Injection

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

7.2CVSS6AI score0.00566EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/22 3:31 p.m.4 views

EUVD-2019-19934

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS6AI score0.00192EPSS
Exploits1References4
NVD
NVD
added 2026/03/22 2:16 p.m.5 views

CVE-2019-25596

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS0.00192EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/22 1:38 p.m.3 views

CVE-2019-25596

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS6AI score0.00192EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder