Lucene search
K

3210 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45405

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a path traversal vulnerability. This vulnerability stems from improper handling of the Name parameter in the/api/skills/delete file within the API Endpoint...

5.5CVSS5.6AI score0.00372EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.11 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability arises from the operation of the formPortFw function in the file/goform/formPortFw, where the parameter servername caus...

9CVSS7.7AI score0.00463EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 5:16 p.m.18 views

CVE-2026-10126

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...

9CVSS0.00753EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 4:17 p.m.15 views

CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

9CVSS0.00447EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/30 8:0 a.m.10 views

CVE-2026-10112

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

4.8CVSS4AI score0.00206EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/30 8:0 a.m.43 views

CVE-2026-10112 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

4.8CVSS0.00206EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/30 8:0 a.m.15 views

CVE-2026-10112 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

4.8CVSS4AI score0.00206EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/29 6:59 p.m.37 views

CVE-2026-34127 Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 12:30 a.m.15 views

EUVD-2026-31776

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Student Management System 代码注入漏洞

Student Management System is a student management system developed by Krishanmurariji. There is a code injection vulnerability in Student Management System. This vulnerability stems from improper handling of the Name parameter in the addStudent function of the Students Controller component, which...

5.3CVSS5.7AI score0.00336EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.17 views

luci-app-https-dns-proxy 命令注入漏洞

Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 3:45 p.m.9 views

CVE-2026-9471

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00248EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 3:16 p.m.15 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.26 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.7 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 11:45 a.m.12 views

CVE-2026-9455

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

10CVSS6.9AI score0.01909EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/25 11:30 a.m.13 views

EUVD-2026-31670

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The...

10CVSS5.6AI score0.01909EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 11:16 a.m.21 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS0.00319EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 9:45 a.m.22 views

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

7.5CVSS6.9AI score0.00319EPSS
Exploits0References5
Rows per page
Query Builder