Lucene search
+L

310 matches found

Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.17 views

PT-2026-42920

A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument max Conn/timeOut leads to command injection. The attack...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.24 views

PT-2026-42881

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.27 views

PT-2026-41524

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...

6.9CVSS6.1AI score0.00331EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.19 views

PT-2026-39567

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI list create of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informe...

5.3CVSS5.4AI score0.00372EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/05/10 3:45 a.m.8 views

CVE-2026-8227

A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. T...

6.5CVSS6.4AI score0.04944EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 7:15 a.m.7 views

CVE-2026-7743

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.16 views

PT-2026-36622

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/05/01 3:15 p.m.14 views

CVE-2026-7585

Open5GS AMF vulnerable through function amf_nudm_sdm_handle_provisioned in /src/amf/nudm-handler.c (Open5GS

5.3CVSS5.5AI score0.00341EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/04/28 6:0 a.m.8 views

EUVD-2026-26000

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

4.8CVSS5AI score0.00238EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/28 12:15 a.m.6 views

EUVD-2026-25961

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

10CVSS8.3AI score0.02448EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 9:30 p.m.15 views

EUVD-2026-25927

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

9CVSS7.8AI score0.03269EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:45 p.m.4 views

CVE-2026-7137

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack ...

10CVSS5.2AI score0.01766EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/27 1:14 p.m.8 views

JLSEC-2026-191

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFileQuake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attac...

7.8CVSS4.4AI score0.00221EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/27 12:30 a.m.34 views

CVE-2026-7071 CodeAstro Online Job Portal user-cvs file information disclosure

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS0.0038EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35390

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function check auth of the file gateway/platforms/api server.py of the component API SERVER KEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely...

6.3CVSS5AI score0.0036EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35418

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack c...

10CVSS8.2AI score0.01766EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:15 p.m.2 views

CVE-2026-7043

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 8:30 a.m.4 views

CVE-2026-6621

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS5.4AI score0.00336EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/19 8:30 a.m.35 views

CVE-2026-6563 H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...

9CVSS0.00481EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/13 9:30 p.m.4 views

EUVD-2026-22118

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function childprocess.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly...

5.3CVSS5.4AI score0.00683EPSS
Exploits0References7
Rows per page
Query Builder