Lucene search
K

61344 matches found

CVE
CVE
added yesterday8 views

CVE-2026-15595

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has...

5.3CVSS4.8AI score
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-15524

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS0.00137EPSS
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-15515

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS0.00116EPSS
Exploits0References5
CVE
CVE
added yesterday21 views

CVE-2026-15518

AREA 17 Twill CMS

5.8CVSS5.7AI score0.00248EPSS
Exploits0References5
EUVD
EUVD
added yesterday8 views

EUVD-2026-43260

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS5.7AI score0.00248EPSS
Exploits0References5
EUVD
EUVD
added yesterday9 views

EUVD-2026-43252

A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function systemwluploadpicfile of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argument filename causes os command injection. It is possible to...

10CVSS6.7AI score0.0269EPSS
Exploits0References6
EUVD
EUVD
added yesterday9 views

EUVD-2026-43251

A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-43247

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS6.6AI score0.00184EPSS
Exploits0References7
CVE
CVE
added yesterday12 views

CVE-2026-15515

The CVE-2026-15515 entry concerns Tencent PC Manager (version 18.1.30242.301) and its QMUDisk Driver component, specifically the qmudisk64.sys library. The vulnerability is described as an uncontrolled search path issue in the QMUDisk Driver, exploitable only via a local attack. The description n...

7.3CVSS6.3AI score0.00116EPSS
Exploits0References5
CVE
CVE
added 2 days ago14 views

CVE-2026-15509

Leantime up to 3.8.0 is affected by a vulnerability in the JSON-RPC Endpoint functions editUser/addUser where manipulating the role argument leads to improper authorization. The issue is exploitable remotely and has been publicly disclosed; vendor response was not provided. Affected impact includ...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-15492

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS0.00422EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43219

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS6.6AI score0.00394EPSS
Exploits0References5
CVE
CVE
added 2 days ago11 views

CVE-2026-15497

Affected software / component: SonicCloudOrg sonic-agent (up to 2.7.2), specifically the JWT Authentication Filter in the ExchangeController.java path. Vulnerability: code injection vulnerability reported as enabling a remote attacker to manipulate code execution. Impact (per docs): remote exploi...

7.5CVSS6.6AI score0.00394EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43217

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-15495

The vulnerability CVE-2026-15495 affects SonicCloudOrg sonic-agent up to version 2.7.2, specifically in the Android WebSocket Server component’s AndroidWSServer.java. The issue arises from manipulating the path argument, causing os command injection. It is remotely exploitable and has public disc...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43214

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS4.6AI score0.00422EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43198

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43194

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-15472 Eleveo Call Recording Software composeEmailAction.do improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS0.00207EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-15470

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may...

5.3CVSS0.00207EPSS
Exploits0References5
Rows per page
Query Builder