Lucene search
K

7797 matches found

Cvelist
Cvelist
added 2026/01/28 11:52 a.m.28 views

CVE-2025-59892 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:52 a.m.3 views

CVE-2025-59892

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS6AI score0.00127EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/28 11:52 a.m.4 views

CVE-2025-59892 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS6AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 11:52 a.m.13 views

CVE-2025-59892

Cross-Site Request Forgery (CSRF) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: lack of proper CSRF token implementation allows an authenticated user to cause actions on behalf of another user. Practical impact includes unauthentica...

8.5CVSS6AI score0.00127EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/28 11:52 a.m.4 views

CVE-2025-59891 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 11:52 a.m.10 views

CVE-2025-59891

CVE-2025-59891 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The root cause is lack of proper CSRF token handling, enabling an authenticated attacker to coerce other users to perform actions in the app (e.g., via POST to /setup_login?...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/01/28 11:52 a.m.33 views

CVE-2025-59891 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS0.00127EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 11:52 a.m.4 views

EUVD-2025-206489

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 9:11 p.m.23 views

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

8.1CVSS0.00408EPSS
Exploits1References2
NVD
NVD
added 2026/01/27 12:15 p.m.5 views

CVE-2025-12387

A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...

6.9CVSS0.00659EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.7 views

Pix-Link LV-WR21Q code issue and vulnerability

The Pix-Link LV-WR21Q is a wireless router produced by the Chinese company Pix-Link. The Pix-Link LV-WR21Q has a code vulnerability, which stems from improper handling of the language module. This vulnerability could allow remote attackers to trigger a denial-of-service attack through a specially...

6.9CVSS5.9AI score0.00659EPSS
Exploits0References4
CVE
CVE
added 2026/01/26 2:2 a.m.13 views

CVE-2026-1414

CVE-2026-1414 affects Sangfor Operation and Maintenance Security Management System (up to version 3.0.12). The vulnerability resides in the HTTP POST Request Handler for /equipment/get_Information, where tampering with the fortEquipmentIp argument can trigger a command injection. The issue can be...

9.8CVSS6.5AI score0.04451EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/26 1:32 a.m.40 views

CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS0.02801EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/26 1:32 a.m.5 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/26 1:32 a.m.6 views

EUVD-2026-4687

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/26 1:32 a.m.5 views

CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4
CVE
CVE
added 2026/01/26 1:32 a.m.14 views

CVE-2026-1413

Sangfor Operation and Maintenance Security Management System up to 3.0.12 contains a command injection in the HTTP POST Request Handler’s portValidate function, located in /fort/ip_and_port/port_validate. An attacker can remotely manipulate the port argument to execute arbitrary commands. Multipl...

9.8CVSS5.5AI score0.02801EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/01/26 1:15 a.m.4 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS0.03946EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/26 1:2 a.m.36 views

CVE-2026-1412 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_clip_img command injection

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

7.5CVSS0.03946EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/26 1:2 a.m.2 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

7.5CVSS5.6AI score0.03946EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder