Lucene search
K

7809 matches found

Cvelist
Cvelist
added 2026/06/29 9:45 a.m.34 views

CVE-2026-13556 itsourcecode Online Hotel Management System POST Request controller.php edit cross site scripting

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3CVSS0.00443EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53251

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description An OS command injection flaw exists in the POST Request Handler component. A remote attacker can exploit this by manipulating the submit-url argument within the formAccept function of the...

6.5CVSS7AI score0.01158EPSS
Exploits0References9
OSV
OSV
added 2026/06/27 3:48 a.m.7 views

MAL-2026-6545 Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/26 6:56 p.m.16 views

CVE-2026-52784

CVE-2026-52784 (OpenProject) is a CSRF vulnerability in OpenProject’s web UI. The issue allows CSRF on a user-targeted action via POST to /users/:id with the parameter user[admin], enabling unauthorized state changes without user interaction. Affected software versions are prior to 17.3.3 and 17....

8.8CVSS5.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:16 p.m.9 views

CVE-2026-11820

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 7:53 p.m.5 views

CVE-2026-11820 Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.37 views

CVE-2026-11820 Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.10 views

CVE-2026-11820

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 7:17 p.m.8 views

CVE-2026-53753

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...

10CVSS0.0045EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:17 p.m.5 views

CVE-2026-53753

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...

9.8CVSS6.2AI score0.0045EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/06/22 9:4 p.m.21 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial-of-service vulnerability in POST /app/demo that lets authenticated users with org write permissions create unlimited demo apps without rate limiting or quotas. Each request can trigger around 138 database write operations, leading to degraded performance, h...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:31 a.m.9 views

EUVD-2026-38196

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References6
NVD
NVD
added 2026/06/21 10:16 p.m.13 views

CVE-2026-12810

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS0.01158EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 10:16 p.m.13 views

CVE-2026-12809

A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz5in1redirect of the file /goform/wiz5in1redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is...

6.5CVSS0.01158EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 9:45 p.m.6 views

CVE-2026-12810

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/21 9:45 p.m.14 views

CVE-2026-12810

The CVE-2026-12810 entry describes a command-injection flaw in Edimax BR-6478AC V2 firmware version 1.23. The vulnerability affects the POST Request Handler’s function mp in /goform/mp, where manipulation of the argument command enables remote execution. Public exploit availability and a lack of ...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 9:45 p.m.20 views

CVE-2026-12810 Edimax BR-6478AC V2 POST Request mp command injection

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS0.01158EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 9:30 p.m.18 views

CVE-2026-12809

Edimax BR-6478AC V2 firmware 1.23 is affected by a command injection in the POST Request Handler, specifically in wiz_5in1_redirect (/goform/wiz_5in1_redirect) where manipulation of the newpass argument enables remote code execution. Attack vector is network-based and requires no user interaction...

6.5CVSS6.5AI score0.01158EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 7:45 p.m.8 views

EUVD-2026-38193

A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack...

6.5CVSS6.4AI score0.01182EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 7:45 p.m.19 views

CVE-2026-12807 Edimax BR-6478AC V2 POST Request setWAN command injection

A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack...

6.5CVSS0.01182EPSS
Exploits0References5
Rows per page
Query Builder