Lucene search
K

300 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45549

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

5.5CVSS5.5AI score0.0023EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.41 views

CVE-2026-9517 hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access control

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...

7.5CVSS0.0039EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.12 views

PT-2026-43112

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom id can lead to improper authorization...

6.5CVSS6.4AI score0.00272EPSS
Exploits0References7
CVE
CVE
added 2026/05/24 8:15 p.m.27 views

CVE-2026-9396

The CVE-2026-9396 entry concerns Besen BS20 EV Charging Station firmware (up to 20260426). Affected component: Firmware Version Check. The vulnerability is caused by an issue in the UI layer rendering, where manipulation can cause improper restriction of rendered UI layers. The attack is describe...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References4
NVD
NVD
added 2026/05/24 5:16 a.m.9 views

CVE-2026-9352

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...

6.9CVSS0.00286EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...

8.2CVSS5.8AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.8 views

CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

6.9CVSS5.8AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 9:16 a.m.13 views

CVE-2026-8242

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

6.3CVSS0.00289EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

8.1CVSS5.4AI score0.00234EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/04 2:30 a.m.9 views

EUVD-2026-26877

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

7.5CVSS6.5AI score0.00421EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36752

Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.22 Description Improper authentication in the Health Check API allows a remote attacker to perform a manipulation. This issue specifically impacts the endswith function within the '/api/health' endpoint...

6.9CVSS6.1AI score0.00453EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.21 views

PT-2026-36754

Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.28.dev2 Description A time-of-check time-of-use TOCTOU issue exists in the validate restricted url function of the Webhook/Notification component. This flaw allows a remote attacker to manipulate the...

5CVSS5.9AI score0.0025EPSS
Exploits0References11
NVD
NVD
added 2026/05/02 2:16 p.m.7 views

CVE-2026-7631

A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has be...

5.5CVSS0.00225EPSS
Exploits0References5
NVD
NVD
added 2026/05/02 8:16 a.m.8 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

8.1CVSS0.00234EPSS
Exploits1References4
OSV
OSV
added 2026/04/27 9:31 p.m.7 views

GHSA-H7XC-4MV8-59FJ mcp-url-downloader has a Server-Side Request Forgery issue

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.3CVSS6.7AI score0.00294EPSS
Exploits0References6
CVE
CVE
added 2026/04/27 9:15 a.m.7 views

CVE-2026-7109

CVE-2026-7109 affects code-projects Invoice System (Laravel 1.0) with a vulnerability in the API Endpoint item/file that enables improper authorization. The underlying issue is exploitable remotely; multiple sources note public exposure and PoC-like exploitation. No specific patch/version remedia...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 5:45 a.m.7 views

EUVD-2026-25780

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.7 views

PT-2026-35388

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

6.9CVSS5.4AI score0.00286EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35360

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/26 6:45 a.m.33 views

CVE-2026-7024 rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal

A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...

5.5CVSS0.00372EPSS
Exploits0References4
Rows per page
Query Builder