Lucene search
K

323 matches found

CVE
CVE
added 2026/03/18 3:28 p.m.15 views

CVE-2026-2992

The vulnerability affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin up to version 4.1.2. A missing authorization flaw exists on the REST endpoint /wp-json/kivicare/v1/setup-wizard/clinic, enabling unauthenticated attackers to create a new clinic and a WordPress user...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.18 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 6:31 a.m.11 views

EUVD-2026-11521

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

9CVSS6.3AI score0.00715EPSS
Exploits1References6
NVD
NVD
added 2026/03/12 4:16 a.m.7 views

CVE-2026-3978

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

9CVSS0.00715EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/12 3:32 a.m.37 views

CVE-2026-3978 D-Link DIR-513 formEasySetupWizard3 stack-based overflow

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

9CVSS0.00715EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:0 a.m.7 views

CVE-2025-70226

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard...

6.1AI score0.00485EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:16 a.m.9 views

CVE-2019-2113

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

5.5CVSS6.9AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/18 7:44 p.m.6 views

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS8.3AI score0.04151EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/12/18 3:10 p.m.2 views

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

7.1CVSS6.8AI score0.00165EPSS
Exploits0References3
NVD
NVD
added 2025/12/17 7:16 p.m.9 views

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS0.04151EPSS
Exploits3References1
EUVD
EUVD
added 2025/12/17 7:3 p.m.8 views

EUVD-2025-203917

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS7.8AI score0.04151EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/12/17 7:3 p.m.36 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS0.04151EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/12/17 7:3 p.m.6 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS7.9AI score0.04151EPSS
Exploits3References1
OSV
OSV
added 2025/12/17 7:3 p.m.6 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS8.2AI score0.04151EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2025/11/20 12:0 a.m.5 views

RaidenFTPD Server <= 2.4.4005 Buffer Overflow Vulnerability

RaidenFTPD v.2.4 build 4005 allows a local attacker to execute arbitrary code via the Server name field of the step by step setup wizard. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.8CVSS7.5AI score0.00433EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Lexmark Printers Improper Authentication (CVE-2021-44736)

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the out of service erase feature. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

10CVSS8.3AI score0.02432EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-6584

Malware in sbrugna...

7.5CVSS6.4AI score0.01359EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-18273

Malware in sbrugna...

4.8CVSS5.1AI score0.00796EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4786

Malware in sbrugna...

9.8CVSS9.5AI score0.02712EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-0852

Malware in sbrugna...

5.5CVSS6AI score0.00163EPSS
Exploits0References4
Rows per page
Query Builder