Lucene search
+L

848 matches found

ptsecurity
ptsecurity
added 2026/05/10 12:0 a.m.14 views

PT-2026-39436

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase return save. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.11 views

Dotouch XproUPF 安全漏洞

Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from improper access...

4.6CVSS5.7AI score0.00139EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/10 12:0 a.m.15 views

PT-2026-39438

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted ear...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/10 12:0 a.m.16 views

PT-2026-39461

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...

4.6CVSS5.2AI score0.00139EPSS
Exploits0References4
nvd
nvd
added 2026/05/09 9:16 p.m.60 views

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS0.00463EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/09 8:0 p.m.10 views

CVE-2026-8195

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

5.3CVSS4.2AI score0.00269EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/09 12:0 a.m.31 views

PT-2026-39415

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...

6.3CVSS5.8AI score0.00463EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/06 7:30 p.m.7 views

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/05/06 12:0 a.m.13 views

PicoTronica e-Clinic Healthcare System ECHS 信息泄露漏洞

PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains a vulnerability related to information leakage. This vulnerability stems from an unknown function...

6.9CVSS6AI score0.00292EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/05 8:21 p.m.8 views

CVE-2026-7732

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file requestblood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score0.00206EPSS
Exploits0References1
nvd
nvd
added 2026/05/04 8:16 a.m.46 views

CVE-2026-7743

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.00241EPSS
Exploits0References5
nvd
nvd
added 2026/05/04 6:16 a.m.26 views

CVE-2026-7732

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file requestblood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...

6.5CVSS0.00206EPSS
Exploits0References5
nvd
nvd
added 2026/05/03 7:16 a.m.22 views

CVE-2026-7683

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

6.5CVSS0.01543EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/02 12:0 a.m.25 views

PT-2026-36641

Name of the Vulnerable Software and Affected Versions CodeWise Tornet Scooter Mobile App version 4.75 Description An issue exists in an unknown function within the /TwoFactor file that results in improper restriction of excessive authentication attempts. This allows a remote attacker to perform a...

6.3CVSS5.8AI score0.00565EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/01 7:0 p.m.3 views

CVE-2026-7591

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/05/01 7:0 p.m.8 views

EUVD-2026-26709

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
euvd
euvd
added 2026/05/01 3:30 a.m.6 views

EUVD-2026-26475

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS5.3AI score0.00274EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/04/30 1:0 a.m.4 views

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5CVSS6.9AI score0.00356EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/30 12:0 a.m.6 views

PT-2026-36130

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5AI score0.00239EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/04/29 2:49 p.m.5 views

CVE-2026-7230

A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used...

5.3CVSS3.6AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder