Lucene search
K

7809 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.12 views

PT-2026-36128

Name of the Vulnerable Software and Affected Versions Synway SMG Gateway Management Software affected versions not specified Description An OS command injection flaw exists in the RADIUS configuration endpoint '/en/9-2radius.php'. The issue occurs because the radius address POST parameter is spli...

9.8CVSS6.4AI score0.05727EPSS
Exploits1References14
EUVD
EUVD
added 2026/04/29 8:37 a.m.6 views

EUVD-2026-26199

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...

10CVSS6.2AI score0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:37 a.m.3 views

CVE-2026-3325

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...

10CVSS6.2AI score0.00267EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/29 8:37 a.m.16 views

CVE-2026-3325

MegaCMS v12.0.0 is affected by a SQL injection in the /web_comunications/cms/get_provincias endpoint, via the POST parameter id_territorio after the registration form submission. The vulnerability stems from insufficient validation/sanitisation of user input, allowing an unauthenticated attacker ...

10CVSS6.2AI score0.00267EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/28 10:39 p.m.13 views

FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field

Summary The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...

5.3CVSS5.2AI score0.0033EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.4 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 3:16 p.m.10 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35433

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00366EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/27 12:0 a.m.7 views

EUVD-2026-25855

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/27 12:0 a.m.5 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.30 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 12:17 p.m.7 views

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

2.4CVSS0.0059EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/24 12:0 a.m.3 views

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function. The impacted product could be end-of-life EoL and/or end-of-service EoS...

7.2CVSS8.9AI score0.87239EPSS
In wildExploits1
Cvelist
Cvelist
added 2026/04/23 8:59 p.m.37 views

CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

8.2CVSS0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

SWUpdate 缓冲区错误漏洞

SWUpdate is an embedded Linux system update tool developed by Stefano Babic. SWUpdate has a buffer error vulnerability, which stems from an integer underflow in the multipart upload parser in the mongoosemultipart.c file. This vulnerability allows unauthenticated attackers to cause...

8.2CVSS6AI score0.00316EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 12:16 a.m.6 views

CVE-2026-40343

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS0.09955EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 11:47 p.m.45 views

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS0.09955EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.6 views

CVE-2026-41191

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

7.1CVSS0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 5:9 p.m.7 views

EUVD-2026-24197

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 5:9 p.m.3 views

CVE-2026-41191

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder