41189 matches found

Positive Technologies
added 2026/04/28 12:0 a.m. | 6 views

PT-2026-35669

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00233
Exploits 0 | References 5

Positive Technologies
added 2026/04/28 12:0 a.m. | 4 views

PT-2026-35732

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete expired of the file /ajax.php?action=delete expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit i...

CVSS 5.8 | AI score 5.1 | EPSS 0.00206
Exploits 0 | References 6

Positive Technologies
added 2026/04/28 12:0 a.m. | 7 views

PT-2026-35813

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete category of the file /admin/ajax.php?action=delete category. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public an...

CVSS 5.8 | AI score 5 | EPSS 0.00206
Exploits 0 | References 6

Positive Technologies
added 2026/04/28 12:0 a.m. | 9 views

PT-2026-35574

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

CVSS 7.5 | AI score 5.2 | EPSS 0.00429
Exploits 0 | References 6

Positive Technologies
added 2026/04/28 12:0 a.m. | 7 views

PT-2026-35653

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

CVSS 7.5 | AI score 7 | EPSS 0.00298
Exploits 0 | References 12

Positive Technologies
added 2026/04/28 12:0 a.m. | 8 views

PT-2026-35586

A vulnerability was detected in ef10007 MLOps MCP 1.0.0. This impacts an unknown function of the file fastmcp server.py of the component save file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now...

CVSS 7.5 | AI score 5 | EPSS 0.00411
Exploits 0 | References 6

Positive Technologies
added 2026/04/28 12:0 a.m. | 8 views

PT-2026-35741

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save expired of the file /ajax.php?action=save expired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

CVSS 5.8 | AI score 5.1 | EPSS 0.00263
Exploits 0 | References 6

Positive Technologies
added 2026/04/28 12:0 a.m. | 6 views

PT-2026-35733

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub 414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 9 | AI score 8.6 | EPSS 0.0069
Exploits 1 | References 9

Positive Technologies
added 2026/04/28 12:0 a.m. | 8 views

PT-2026-35751

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

CVSS 6.5 | AI score 6.2 | EPSS 0.00204
Exploits 0 | References 7

Positive Technologies
added 2026/04/28 12:0 a.m. | 5 views

PT-2026-35654

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

CVSS 5.1 | AI score 3.7 | EPSS 0.00232
Exploits 1 | References 8

Positive Technologies
added 2026/04/28 12:0 a.m. | 9 views

PT-2026-35662

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete menu of the file /admin/ajax.php?action=delete menu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploi...

CVSS 7.5 | AI score 7.3 | EPSS 0.00254
Exploits 0 | References 8

CNNVD
added 2026/04/28 12:0 a.m. | 11 views

SourceCodester Pizzafy Ecommerce System Cross-Site Scripting Vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter Name in the savesettings function located...

CVSS 4.8 | AI score 5.6 | EPSS 0.00206
Exploits 0 | References 1

CVE
added 2026/04/28 12:0 a.m. | 34 views

CVE-2026-40356

MIT Kerberos 5 (krb5) before 1.22.3 is affected by an integer underflow that causes an out-of-bounds read when an application calls gss_accept_sec_context() on systems with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, potentially causing the...

CVSS 5.9 | AI score 5.5 | EPSS 0.0046
Exploits 0 | References 3

Positive Technologies
added 2026/04/28 12:0 a.m. | 7 views

PT-2026-35832

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function get context file path of the file src/execution system mcp/server.py of the component add action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated...

CVSS 7.5 | AI score 7.1 | EPSS 0.0053
Exploits 0 | References 7

Positive Technologies
added 2026/04/28 12:0 a.m. | 8 views

PT-2026-35827

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get doc path of the file src/spire doc mcp/api/base.py. Performing a manipulation of the argument document name results in path traversal. The attack can be initiated remotely. The exploit is now public...

CVSS 7.5 | AI score 7.2 | EPSS 0.0041
Exploits 0 | References 9

Positive Technologies
added 2026/04/28 12:0 a.m. | 12 views

PT-2026-35585

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes mcp.py. The manipulation of the argument root dir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVSS 7.5 | AI score 5.1 | EPSS 0.0041
Exploits 0 | References 6

Vulnrichment
added 2026/04/27 11:45 p.m. | 4 views

CVE-2026-7202 Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVSS 10 | AI score 8.1 | EPSS 0.02448
Exploits 0 | References 5

EUVD
added 2026/04/27 11:45 p.m. | 7 views

EUVD-2026-25959

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVSS 10 | AI score 8.1 | EPSS 0.02448
Exploits 0 | References 5

EUVD
added 2026/04/27 11:30 p.m. | 7 views

EUVD-2026-25955

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 5.3 | AI score 3.6 | EPSS 0.0028
Exploits 0 | References 5

ATTACKERKB
added 2026/04/27 11:30 p.m. | 8 views

CVE-2026-7200

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 5.3 | AI score 3.9 | EPSS 0.0028
Exploits 0 | References 5 | Affected Software 1