
88852 matches found

CVE
added 2026/01/04 9:2 a.m. | 19 views

CVE-2026-0576

CVE-2026-0576 affects code-projects Online Product Reservation System 1.0, specifically the Parameter Handler’s /handgunner-administrator/prod.php. The vulnerability arises from manipulating the arguments cat/price/name/model/serial within that file, resulting in an SQL injection vulnerability. T...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00374
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/01/04 12:0 a.m. | 7 views

PT-2026-1199

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions prior to 20251224 Description A flaw exists in Seeyon Zhiyuan OA Web Application System. The issue involves the manipulation of the unitCode argument within an unknown function of the file...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00035
Exploits: 0 | References: 11
RedhatCVE
added 2026/01/03 7:7 a.m. | 5 views

CVE-2025-15434

A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00345
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/03 4:2 a.m. | 8 views

CVE-2025-15427

A security flaw has been discovered in Seeyon Zhiyuan OA Web Application System up to 20251222. This impacts an unknown function of the file /carManager/carUseDetailList.j%73p. The manipulation of the argument CARBRANDNO results in sql injection. The attack may be performed from remote. The explo...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00035
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/03 1:21 a.m. | 7 views

CVE-2025-15421

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agentworksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publ...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00384
Exploits: 1 | References: 1
Debian CVE
added 2026/01/02 8:47 p.m. | 4 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.0055
Exploits: 1
Vulnrichment
added 2026/01/02 8:2 p.m. | 3 views

CVE-2026-0571 yeqifu warehouse AppFileUtils.java createResponseEntity path traversal

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00443
Exploits: 1 | References: 5
Vulnrichment
added 2026/01/02 6:32 p.m. | 4 views

CVE-2026-0569 code-projects Online Music Site AlbumByCategory.php sql injection

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00326
Exploits: 1 | References: 5
NVD
added 2026/01/02 6:15 p.m. | 3 views

CVE-2026-0568

A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS: 9.8 | EPSS: 0.00333
Exploits: 1 | References: 5
Vulnrichment
added 2026/01/02 6:2 p.m. | 4 views

CVE-2026-0568 code-projects Online Music Site ViewSongs.php sql injection

A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00333
Exploits: 1 | References: 5
CVE
added 2026/01/02 6:2 p.m. | 19 views

CVE-2026-0568

The CVE affects code-projects Online Music Site 1.0, specifically the /Frontend/ViewSongs.php file where manipulation of the ID parameter enables SQL injection. This allows remote exploitation, and an exploit has been published. Root cause is unsanitized/incorrect handling of the ID argument in a...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00333
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2026/01/02 3:16 p.m. | 2 views

CVE-2025-53414

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS: 4.9 | AI score: 5.8
Exploits: 0 | References: 1
UbuntuCve
added 2026/01/02 3:15 p.m. | 4 views

CVE-2025-15438

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

CVSS: 7.2 | AI score: 5.5 | EPSS: 0.00386
Exploits: 1 | References: 5
Vulnrichment
added 2026/01/02 2:54 p.m. | 3 views

CVE-2025-52864 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00299
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/02 2:52 p.m. | 4 views

CVE-2025-44013 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00286
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/02 2:2 p.m. | 3 views

CVE-2026-0565 code-projects Content Management System delete.php sql injection

A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00333
Exploits: 1 | References: 5
OSV
added 2026/01/02 10:15 a.m. | 6 views

CVE-2026-0547

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.0031
Exploits: 1 | References: 5
CVE
added 2026/01/02 6:2 a.m. | 22 views

CVE-2025-15431

UTT 512W firmware 1.7.7-171114 is affected by a buffer overflow in strcpy used by /goform/formFtpServerDirConfig; manipulating the filename argument can trigger overflow and allows remote exploitation. Public exploit exists; vendor did not respond to disclosure. Connected documents confirm the af...

CVSS: 9 | AI score: 8.7 | EPSS: 0.00687
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2026/01/02 5:15 a.m. | 7 views

CVE-2025-15428

A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public an...

CVSS: 9 | EPSS: 0.00811
Exploits: 1 | References: 5
CVE
added 2026/01/02 4:32 a.m. | 26 views

CVE-2025-15428

CVE-2025-15428 affects UTT 512W router (version 1.7.7-171114). The vulnerability is a buffer overflow in the strcpy usage of the /goform/formRemoteControl implementation, triggered by manipulating the Profile argument. This leads to a potential remote attack with a publicly available exploit. Mul...

CVSS: 9 | AI score: 8.7 | EPSS: 0.00811
Exploits: 1 | References: 5 | Affected Software: 1