Lucene search
K

27 matches found

Cvelist
Cvelist
added yesterday22 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 3:40 a.m.12 views

CVE-2026-12486

GeoVision GV-I/O Box 4E (2.09) is affected by OS command injection in libNetSetObj.so, specifically CNetSetObj::m_F_n_Set_IP_Addr, which builds and executes a shell command via system("/sbin/ifconfig ..."). The flaw is reachable from network-exposed DVRSearch and Network.cgi endpoints, enabling r...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 11:8 p.m.14 views

Malicious code in martinez-polygon-clipping-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...

5.7AI score
Exploits0References2
NVD
NVD
added 2026/04/10 7:16 p.m.8 views

CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/04/10 6:23 p.m.23 views

CVE-2026-33703

CVE-2026-33703 affects Chamilo LMS prior to version 2.0.0-RC.3. An Insecure Direct Object Reference (IDOR) vulnerability exists in the /social-network/personal-data/{userId} endpoint, allowing any authenticated user to access full personal data and API tokens of arbitrary users by altering the us...

7.1CVSS6AI score0.00174EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS5.8AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32016

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId API endpoint. An authenticated user can...

7.1CVSS6AI score0.00174EPSS
Exploits0References4
NVD
NVD
added 2026/02/22 5:16 a.m.6 views

CVE-2026-2928

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched...

9CVSS0.00495EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/17 3:22 a.m.7 views

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

5.5CVSS6.5AI score0.00213EPSS
Exploits2References1
Snyk
Snyk
added 2025/12/18 7:45 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the parseFAR function when processing a PFCP Session Establishment Request containing a CreateFAR with an empty or truncated IPv4 address field. An attacker can cause the service to crash and disrupt user-plane...

8.8CVSS5.8AI score0.00347EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52290

Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A flaw exists in the omec-project UPF pfcpiface component that can lead to a denial-of-service condition. Specifically, a crafted PFCP Session Establishment Request, containing a malformed...

7.5CVSS6.3AI score0.00347EPSS
Exploits1References4
CVE
CVE
added 2025/12/04 12:0 a.m.15 views

CVE-2025-54306

Summary: CVE-2025-54306 affects Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability arises from insufficient input validation in the network configuration flow accessed via /admin/network. User-controlled data is written to environment variables by Bash sc...

7.2CVSS8.2AI score0.00708EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.2 views

CVE-2025-54306

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...

8.2AI score0.00708EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.9 views

PT-2025-49043

Name of the Vulnerable Software and Affected Versions Thermo Fisher Torrent Suite Django application version 5.18.1 Description A remote code execution issue exists in the network configuration functionality due to inadequate input validation when handling network configuration parameters via...

7.2CVSS8.1AI score0.00708EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.3 views

CVE-2025-60917

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS6.2AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 6:31 p.m.3 views

EUVD-2025-198895

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6CVSS5.8AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 2025/11/24 12:0 a.m.3 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS6.2AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.4 views

PT-2025-47932

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

5.4CVSS6.3AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.8 views

PT-2025-47933

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

6.3AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.9 views

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

0.0021EPSS
Exploits0References2
Rows per page
Query Builder