Lucene search
+L

106684 matches found

CVE
CVE
added yesterday38 views

CVE-2026-44974

CVE-2026-44974 affects the @hapi/content header parser. Before v6.0.2, Content.disposition() kept the last value for duplicate parameters while Content.type() kept the first for duplicate charset/boundary parameters, creating a parameter-smuggling primitive when duplicates are resolved inconsiste...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday4 views

CVE-2026-44974 Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday6 views

CVE-2026-8056 Parameter Injection Vulnerability in API Graph Execution Engine

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-8056

Summary: IBM Langflow OSS 1.0.0–1.10.0 contains a parameter injection vulnerability in the API Graph Execution Engine. A flaw in the parameter filtering logic in the apply_tweaks() function allows authenticated users to override component parameters at runtime via the tweaks API, potentially exec...

8.8CVSS5.3AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-9587

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-9585

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-9587

CVE-2026-9587 describes an authenticated local file inclusion in Sangoma Switchvox SMB Edition 8.3 (104997). The issue resides in the play_file function where the sound_path input is not properly validated, allowing an attacker to supply absolute paths to read files outside the intended directory...

7.1CVSS5.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-9585

CVE-2026-9585 affects Sangoma Switchvox SMB Edition 8.3 (104997). The vulnerability is an unauthenticated reflected XSS in the portal parameter sent to invalid_browser and invalid_browser_login handlers, where user-supplied data is reflected into JavaScript, enabling attacker-controlled script ex...

8.6CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday7 views

CVE-2026-9585 Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45203

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS5.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2024-23567

Technical details about CVE-2024-23567 are not publicly available in the provided documents. Monitor for updates from vendor advisories or trusted sources before assessing impact or remediation.

4.3CVSS5.3AI score
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-16009

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score
Exploits0References6
Cvelist
Cvelist
added yesterday11 views

CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS
Exploits0References6
Nuclei
Nuclei
added yesterday61 views

WAVLINK WN579X3 - Remote Command Execution

Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. id: CVE-2023-3380 info: name: WAVLINK WN579X3 - Remote Command Execution author: pussycat0x severity: critical description: | Remote Command Execution vulnerability in WAVLINK WN579X3 route...

9.8CVSS5.8AI score0.0388EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday44 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8CVSS8.8AI score0.02041EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday160 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.6AI score0.08216EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday35 views

MapTiler Tileserver-php v2.0 - Unauthenticated XSS

MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection of the GET parameter "layer" in an error message, letting unauthenticated attackers execute arbitrary script on victim browsers. id: CVE-2025-44136 info: name: MapTiler Tileserver-php v2.0 - Unauthenticated XSS...

9.8CVSS5.6AI score0.02507EPSS
Exploits2References2
Rows per page
Query Builder