Lucene search

13 matches found

NVD
added 2026/06/17 1:20 p.m. | 9 views

CVE-2026-27868

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...

CVSS 6.9 | EPSS 0.00394
Exploits 0 | References 5

Vulnrichment
added 2026/06/17 8:13 a.m. | 5 views

CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...

CVSS 4.8 | AI score 5.4 | EPSS 0.00293
Exploits 0 | References 5

CVE
added 2026/06/17 8:13 a.m. | 11 views

CVE-2026-27868

CVE-2026-27868 concerns the Regesta Smart HD-PLC (TLDPH16D2: 11.02.05.10.02). An attacker with network access to the device could disclose privilege information by calling the Version command through /upgrade/query.php?cmd=p+3&3Bversion, leading to information disclosure. The CVSS metrics indicat...

CVSS 6.9 | AI score 5.3 | EPSS 0.00394
Exploits 0 | References 5

Cvelist
added 2026/03/09 8:55 p.m. | 28 views

CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

CVSS 9.1 | EPSS 0.15339
Exploits 2 | References 1

Vulnrichment
added 2026/02/18 7:32 p.m. | 5 views

CVE-2026-2663 Alixhan xh-admin-backend Database Query query sql injection

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...

CVSS 6.5 | AI score 5.4 | EPSS 0.00233
Exploits 0 | References 3

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20487

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...

CVSS 6.5 | AI score 5.4 | EPSS 0.00233
Exploits 0 | References 4

CNNVD
added 2025/12/14 12:0 a.m. | 5 views

CampCodes Advanced Online Examination System SQL Injection Vulnerability

CampCodes Advanced Online Examination System is an advanced online examination system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Advanced Online Examination System version 1.0, which stems from an incorrect manipulation of the parameter Username in the file...

CVSS 9.8 | AI score 7.8 | EPSS 0.00333
Exploits 1 | References 6

Positive Technologies
added 2025/12/11 12:0 a.m. | 5 views

PT-2025-50615

Name of the Vulnerable Software and Affected Versions: Foxit PDF and Editor versions prior to 13.2; Foxit PDF and Editor 2025 versions prior to 2025.2. Description: An issue exists in Foxit PDF and Editor that may lead to information disclosure or memory corruption. This can occur when opening a...

CVSS 3.3 | AI score 7.3 | EPSS 0.00147
Exploits 0 | References 6

Positive Technologies
added 2025/12/07 12:0 a.m. | 5 views

PT-2025-49408

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add file query.php. The manipulation of the argument per file results in unrestricted upload. The attack may be launched remotely. The exploit has be...

CVSS 6.5 | AI score 6.8 | EPSS 0.00353
Exploits 1 | References 6

Vulnrichment
added 2025/09/22 11:32 p.m. | 4 views

CVE-2025-10822 fuyang_lipengjun platform queryAll SysSmsLogController improper authorization

A vulnerability has been found in fuyanglipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and m...

CVSS 5.3 | AI score 6.3 | EPSS 0.00325
Exploits 1 | References 4

CNNVD
added 2025/09/18 12:0 a.m. | 5 views

Weitong Mall Authorization Issue Vulnerability

Weitong Mall is a shopping mall system by fuyanglipengjun, an individual developer. An authorization issue vulnerability exists in Weitong Mall version 1.0, which originates from improper authorization of the BrandController function in the file /brand/queryAll, and could lead to a...

CVSS 5.3 | AI score 4.9 | EPSS 0.00325
Exploits 1 | References 5

OSV
added 2023/04/17 1:15 p.m. | 5 views

CVE-2023-27733

DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/syssqlquery.php...

CVSS 7.2 | AI score 6.7 | EPSS 0.00791
Exploits 1 | References 2

CNVD
added 2019/02/12 12:0 a.m. | 2 views

MyWebSQL Cross-Site Request Forgery Vulnerability

MyWebSQL is a web-based MySQL database management client from Samnan ur Rehman Software Developers. A cross-site request forgery vulnerability exists in MyWebSQL. An attacker can exploit this vulnerability to delete databases with the help of the /?q=wrkfrm&type=databases URI...

CVSS 5.7 | AI score 6.7 | EPSS 0.00443
Exploits 1 | References 1