Lucene search
K

309 matches found

ATTACKERKB
ATTACKERKB
•added 2026/04/10 6:15 a.m.•6 views

CVE-2026-6028

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely...

10CVSS7AI score0.02981EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
•added 2026/04/10 12:0 a.m.•6 views

PT-2026-31832

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow occurs due to the manipulation of the page argument within the fromP2pListFilter function located in the '/goform/P2pListFilter' file. This issue allows for remote...

9CVSS7.6AI score0.00511EPSS
Exploits0References10
CVE
CVE
•added 2026/04/09 1:0 a.m.•20 views

CVE-2026-5828

CVE-2026-5828 affects code-projects Simple IT Discussion Forum 1.0 . The vulnerability is in an unknown function in /functions/addcomment.php where manipulation of the postid parameter enables SQL injection . Exploitation is feasible remotely with a network attack and requires no privileges or us...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/04/09 12:0 a.m.•6 views

PT-2026-31588

Name of the Vulnerable Software and Affected Versions Tenda i12 version 1.0.0.113862 Description A path traversal issue exists in the HTTP Handler component of Tenda i12 version 1.0.0.113862. A remote attacker can exploit this by manipulating the system, potentially leading to unauthorized access...

9.8CVSS7AI score0.00632EPSS
Exploits1References9
RedhatCVE
RedhatCVE
•added 2026/04/07 11:1 p.m.•5 views

CVE-2026-5691

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS6.7AI score0.01167EPSS
Exploits0References1
NVD
NVD
•added 2026/04/05 11:16 a.m.•8 views

CVE-2026-5561

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...

6.5CVSS0.00291EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/04/01 12:0 a.m.•12 views

PT-2026-29652

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.26 Description A flaw exists in Nothings stb, specifically within the stbtt buf get8 function located in the stb truetype.h library of the TTF File Handler component. This issue can lead to an out-of-bounds read...

8.8CVSS5.6AI score0.00506EPSS
Exploits1References14
CVE
CVE
•added 2026/03/31 5:30 p.m.•9 views

CVE-2026-5206

CVE-2026-5206 affects: code-projects Simple Gym Management System 1.0, specifically the unknown code in the Payment Handler . The issue is a SQL injection caused by manipulation of the arguments Payment_id, Amount, customer_id, payment_type, and customer_name. The vulnerability allows remote expl...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
•added 2026/03/30 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-5037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing ...

4.8CVSS6.1AI score0.00128EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/29 9:30 a.m.•5 views

EUVD-2026-16979

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00389EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/03/28 12:0 a.m.•4 views

PT-2026-28713

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0 Description A cross site scripting issue exists in the file frontend/public/annotator/index.html of the Window Message Event Handler component. This manipulation can be initiated remotely and the exploit has bee...

5.1CVSS5AI score0.00191EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/03/26 3:15 p.m.•4 views

CVE-2026-4207

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...

9.8CVSS6.3AI score0.03774EPSS
Exploits1References1
CVE
CVE
•added 2026/03/26 6:59 a.m.•17 views

CVE-2026-4848

CVE-2026-4848 affects dameng100 muucmf 1.9.5.20260309. The vulnerability is in an unknown function of /admin/extend/list.html, where manipulating the Name parameter can cause cross-site scripting. Exploitation is remote, with a publicly disclosed exploit and PoC maturity indicated. No remediation...

5.3CVSS4AI score0.00269EPSS
Exploits0References4
NVD
NVD
•added 2026/03/23 12:16 a.m.•9 views

CVE-2026-4564

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

5.8CVSS0.00316EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/03/20 7:32 p.m.•5 views

CVE-2026-4499 D-Link DIR-820LW SSDP ssdpcgi_main os command injection

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

7.5CVSS6.7AI score0.03201EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
•added 2026/03/20 2:2 a.m.•3 views

CVE-2026-4466

A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...

5.8CVSS5.3AI score0.02479EPSS
Exploits0References4Affected Software1
EUVD
EUVD
•added 2026/03/16 3:30 p.m.•4 views

EUVD-2026-12286

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

9CVSS6.3AI score0.00793EPSS
Exploits1References6
Vulnrichment
Vulnrichment
•added 2026/03/15 7:2 p.m.•9 views

CVE-2026-4186 UEditor JSONP Callback controller.php cross site scripting

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References4
OSV
OSV
•added 2026/03/11 1:16 p.m.•10 views

CVE-2026-3944

A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

9.8CVSS5.8AI score0.00434EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/03/11 12:0 a.m.•8 views

PT-2026-24668

🚨 CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

9.8CVSS7AI score0.00434EPSS
Exploits1References9
Rows per page
Query Builder