Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

RedhatCVE
RedhatCVEadded 2026/04/02 5:4 a.m.1 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00013EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/01 6:31 a.m.1 views

EUVD-2026-17773

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.4AI score0.00013EPSS
Exploits1References5
NVD
NVDadded 2026/04/01 4:17 a.m.2 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS0.00013EPSS
Exploits1References4
EUVD
EUVDadded 2026/04/01 3:31 a.m.4 views

EUVD-2026-17771

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00069EPSS
Exploits0References5
NVD
NVDadded 2026/04/01 3:15 a.m.2 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS0.00069EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/01 3:15 a.m.1 views

CVE-2026-5252 z-9527 admin Message Create Endpoint message.js cross site scripting

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00013EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/04/01 3:15 a.m.30 views

CVE-2026-5252 z-9527 admin Message Create Endpoint message.js cross site scripting

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS0.00013EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/04/01 3:15 a.m.3 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00013EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/01 2:30 a.m.2 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00069EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/01 2:30 a.m.1 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00069EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/04/01 2:30 a.m.6 views

CVE-2026-5251

The CVE-2026-5251 entry describes a vulnerability in z-9527 admin 1.0/2.0 affecting the User Update Endpoint. The issue occurs in the code path related to /server/routes/user.js where manipulating the isAdmin argument (e.g., input 1) causes dynamically determined object attributes, enabling remot...

6.5CVSS6.4AI score0.00069EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/01 2:30 a.m.29 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS0.00069EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/01 12:0 a.m.2 views

PT-2026-29446

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00069EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.2 views

CVE-2026-4999

A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote...

6.5CVSS5.4AI score0.00106EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/28 3:32 p.m.3 views

EUVD-2026-16927

A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote...

6.5CVSS6.2AI score0.00106EPSS
Exploits0References5
CVE
CVEadded 2026/03/28 3:0 p.m.4 views

CVE-2026-4999

The CVE-2026-4999 entry concerns z-9527 admin. A vulnerability is located in the uploadFile function in /server/utils/upload.js within the isImg Check component. Manipulating the fileType argument can trigger a path traversal, enabling remote exploitation. Publicly disclosed exploit details exist...

6.5CVSS6.1AI score0.00106EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/28 3:0 p.m.1 views

CVE-2026-4999 z-9527 admin isImg Check upload.js uploadFile path traversal

A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote...

6.5CVSS6.2AI score0.00106EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/28 12:0 a.m.2 views

PT-2026-28717

Name of the Vulnerable Software and Affected Versions z-9527 admin versions prior to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2 Description A security issue has been identified in z-9527 admin. The issue resides within the uploadFile function located in the /server/utils/upload.js file, specificall...

6.5CVSS5.7AI score0.00106EPSS
Exploits0References8
CNNVD
CNNVDadded 2026/03/28 12:0 a.m.4 views

admin 路径遍历漏洞

Admin is a chatroom software developed by Z-9527. There is a path traversal vulnerability in Admin, which stems from incorrect handling of the fileType parameter, potentially leading to path traversal...

6.5CVSS6.6AI score0.00106EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/02/26 10:35 p.m.3 views

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

7.5CVSS5.3AI score0.00073EPSS
Exploits0References1
Rows per page
Query Builder