Lucene search
K

40 matches found

Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.14 views

PT-2026-49145

Name of the Vulnerable Software and Affected Versions Grit42 Grit versions prior to 0.11.0 Description A SQL injection issue exists in the GritEntityController component, specifically within the file modules/core/backend/app/controllers/concerns/grit/core/grit entity controller.rb. This flaw allo...

6.5CVSS6.9AI score0.00196EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 2:45 a.m.11 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/23 10:0 a.m.20 views

CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS0.01158EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:0 a.m.5 views

CVE-2026-6878

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

6.3CVSS4.9AI score0.00333EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/06 6:30 a.m.7 views

EUVD-2026-19164

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3CVSS5.4AI score0.00323EPSS
Exploits0References5
CVE
CVE
added 2026/04/05 5:30 p.m.9 views

CVE-2026-5585

Summary of CVE-2026-5585 : Tencent AI-Infra-Guard 4.0 contains a vulnerability in the Task Detail Endpoint, specifically an unknown function within the file common/websocket/task_manager.go. Manipulation of this element results in information disclosure. The attack may be initiated remotely and, ...

7.5CVSS5.6AI score0.00641EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/29 1:17 p.m.4 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS0.00663EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/27 10:3 p.m.2 views

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3CVSS5.5AI score0.00337EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 2:16 a.m.5 views

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

6.5CVSS0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:14 a.m.2 views

CVE-2026-4584

A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires ...

3.1CVSS5.3AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25619

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

7.5CVSS6.6AI score0.00309EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/12 5:32 a.m.31 views

CVE-2026-3990 CesiumGS CesiumJS standalone.html cross site scripting

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00263EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/02/23 3:2 a.m.6 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.2AI score0.00218EPSS
Exploits1
NVD
NVD
added 2026/02/16 7:17 a.m.6 views

CVE-2026-2542

A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. Thi...

7.3CVSS0.00157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/10 2:30 p.m.29 views

CVE-2025-7636 SQLi in Ergosis Security Systems' ZEUS PDKS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection. This issue affects ZEUS PDKS: from 1.0.5.10 through 10022026. NOTE: The vendor was contacted early about th...

8.8CVSS0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/02/09 12:15 p.m.4 views

CVE-2025-7708

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.8CVSS0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/02/06 7:16 a.m.8 views

CVE-2026-2000

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

7.2CVSS0.17152EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/01 11:2 p.m.33 views

CVE-2026-1733 Zhong Bang CRMEB :uni tidyOrder improper authorization

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

5.3CVSS0.00364EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/29 1:47 p.m.3 views

CVE-2025-7014

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS5.4AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2026/01/22 10:16 a.m.4 views

CVE-2025-4763

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...

6.1CVSS5.8AI score0.00208EPSS
Exploits0References1
Rows per page
Query Builder