Lucene search
K

482 matches found

CNNVD
CNNVD
added 2026/05/04 12:0 a.m.16 views

Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from the sz11gChannel ...

9.3CVSS6.1AI score0.04983EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.29 views

CVE-2018-25308 BuddyPress Xprofile Custom Fields Type 2.6.3 Arbitrary File Deletion

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS0.00741EPSS
Exploits0References3
CVE
CVE
added 2026/04/29 7:24 p.m.7 views

CVE-2018-25308

Affected product: BuddyPress Xprofile Custom Fields Type 2.6.3. Vulnerability: remote code execution via unescaped POST parameters during profile editing, enabling authenticated users to delete arbitrary files by manipulating field_hiddenfile and field_deleteimg. Impact: high impact on confidenti...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/13 9:30 p.m.6 views

EUVD-2026-22041

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 7:16 p.m.12 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS0.00161EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 6:10 p.m.4 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 6:10 p.m.17 views

CVE-2026-40038

CVE-2026-40038 affects Pachno 1.0.6, with a stored cross-site scripting (XSS) vulnerability. The issue arises from improper sanitization when user input is retrieved via Request::getRawParameter() or Request::getParameter(), allowing the injection of HTML/Script payloads into POST parameters acro...

7.2CVSS6AI score0.00161EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.2 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

Pachno 跨站脚本漏洞

Pachno is an open-source collaboration platform developed by Pachno. Version 1.0.6 of Pachno contains a cross-site scripting vulnerability, which stems from improper cleaning of POST parameters. This vulnerability may lead to storage-based cross-site scripting attacks...

7.2CVSS5.6AI score0.00161EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.6 views

CVE-2026-22319

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack...

4.9CVSS6.3AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 p.m.7 views

EUVD-2019-20018

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/24 12:30 p.m.6 views

EUVD-2019-20024

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...

8.8CVSS6.3AI score0.00267EPSS
Exploits0References4
CVE
CVE
added 2026/03/24 11:27 a.m.12 views

CVE-2019-25642

Bootstrapy CMS is affected by multiple SQL injection vulnerabilities that enable unauthenticated attackers to execute arbitrary SQL via POST parameters. Specifically, the thread_id parameter in forum-thread.php, the subject parameter in contact-submit.php, the post-id parameter in post-new-submit...

8.8CVSS6.3AI score0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 11:27 a.m.4 views

CVE-2019-25639 Matrimony Website Script M-Plus Multiple SQL Injection

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 11:27 a.m.7 views

CVE-2019-25639

Affected software : Matrimony Website Script M-Plus. Vulnerability : multiple SQL injection flaws allow unauthenticated attackers to manipulate queries by injecting SQL through POST parameters (txtGender, religion, Fage, cboCountry) in pages such as simplesearch_results.php, advsearch_results.php...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 8:16 a.m.10 views

CVE-2026-22319

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack...

4.9CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/18 7:34 a.m.4 views

CVE-2026-22319 Stack-Based Buffer Overflow in File Install Parameter Handling

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack...

4.9CVSS6.2AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.14 views

EUVD-2016-10819

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

7.2CVSS6AI score0.00259EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25732

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References4
CVE
CVE
added 2026/03/15 6:34 p.m.20 views

CVE-2016-20034

CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder