6423 matches found
Dzzoffice 2.02.1 - Cross-Site Scripting
Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...
CVE-2026-15753 zhinianboke xianyu-auto-reply review approve trusting http permission methods on the server side
A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Executing a manipulation can lead to trusting http permission methods on the server side. The attack ma...
Remote Desktop Client Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network...
CVE-2026-15672
A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-15598
The CVE affects antv layout 2.0.0, specifically the setNestedValue function in lib/util/object.js. A manipulation of the argument path can lead to prototype pollution, allowing remote modification of object prototype attributes. The advisory notes the attack can be launched remotely, with low att...
EUVD-2026-43294
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...
CVE-2026-15538
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...
Grandstream UCM6200 - SQL Injection
Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...
SAP Solution Manager 7.2 - Remote Command Execution
SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...
CVE-2026-15553
Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download...
EUVD-2026-43262
A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...
EUVD-2026-43250
A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
EUVD-2026-43217
A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...
CVE-2026-15483 TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...
EUVD-2026-43202
A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...
PT-2026-57528
Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.12B01 Description A buffer overflow can be triggered remotely within the ssi component. The issue resides in the sub 41EC14 function located in the /goform/tools nslookup file. A buffer overflow occurs when a...
EUVD-2026-42757
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...
EUVD-2026-42660
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...
CVE-2026-15186
A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...
EUVD-2026-42477
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...