Lucene search
K

167 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS0.00237EPSS
Exploits0References6
CVE
CVE
added 2 days ago14 views

CVE-2026-14691

CVE-2026-14691 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability resides in the function update_settings_info of the file classes/SystemSettings.php (Setting Handler). Manipulating the argument content[] enables code injection. The attack is described as ...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7407

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

5.8CVSS5.3AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.3AI score0.01803EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-9515

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS6.4AI score0.01803EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS5.4AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.11 views

CVE-2026-8773

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...

5.8CVSS5.2AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-10283

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS6.3AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 7:16 p.m.11 views

CVE-2026-10283

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS0.00295EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 6:45 p.m.9 views

CVE-2026-10283 Bottelet DaybydayCRM Setting missing authentication

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/01 6:45 p.m.15 views

EUVD-2026-33747

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/01 6:45 p.m.32 views

CVE-2026-10283 Bottelet DaybydayCRM Setting missing authentication

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS0.00295EPSS
Exploits0References8
CVE
CVE
added 2026/06/01 6:45 p.m.18 views

CVE-2026-10283

CVE-2026-10283 affects Bottelet DaybydayCRM up to version 2.2.1. The vulnerability is in an unknown function of the Setting Handler, where manipulation leads to missing authentication. Remote exploitation is possible. A patch is recommended to fix the issue.

6.5CVSS6.2AI score0.00295EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

DaybydayCRM 访问控制错误漏洞

DaybydayCRM is a daily customer relationship management system developed by Casper Bottelet as an individual project. Versions of DaybydayCRM prior to 2.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown feature of the Setting Handler component, which lacked...

6.5CVSS6.5AI score0.00295EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45504

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS5.4AI score0.00295EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.10 views

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

6.5CVSS6.5AI score0.01803EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-9362

A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument maxConn/timeOut leads to command injection. The attack...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 7:16 a.m.13 views

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

6.5CVSS0.01803EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:30 a.m.15 views

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.4AI score0.01803EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/26 4:45 a.m.13 views

EUVD-2026-31789

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.6AI score0.01803EPSS
Exploits0References5
Rows per page
Query Builder