Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

9.1CVSS5.5AI score0.13549EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/05 12:30 a.m.8 views

EUVD-2026-27151

A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udmnudmuecmhandleamfregistrationupdate of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack is possible to be...

5.3CVSS5.4AI score0.00271EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.7 views

PT-2025-41466

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange affected versions not specified Description Newforma Info Exchange accepts serialized .NET data via the /remoteweb/remote.rem API endpoint without proper validation. This allows a remote, unauthenticated attacker to...

9.8CVSS7.5AI score0.00861EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0023

Malicious code in bioql PyPI...

6.5CVSS5.7AI score0.00479EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0959

Malicious code in bioql PyPI...

5.3CVSS4.8AI score0.00628EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.5 views

PT-2025-35092

Name of the Vulnerable Software and Affected Versions: D-Link DIR-868L B1 router firmware version FW2.05WWB02 Description: The D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The...

9.8CVSS8.1AI score0.0583EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/08/18 12:0 a.m.6 views

PT-2024-6467 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...

10CVSS7AI score0.06239EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-25229

Name of the Vulnerable Software and Affected Versions kubevirt versions 1.2.0 and earlier Description The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This can be done by sending a crafted command to the /kubevirt.io/kubevirt API...

5.9CVSS6.7AI score0.00324EPSS
Exploits0References29
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.6 views

PT-2024-2265 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetDeviceName function of the /goform/SetOnlineDevName file, leading to a stack-based buffer overflow when the devName or mac argument is manipulated. This can be...

9CVSS9AI score0.01648EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.7 views

PT-2023-27874 · Plixer · Plixer Scrutinizer

Name of the Vulnerable Software and Affected Versions: Plixer Scrutinizer versions prior to 19.3.1 Description: An issue was discovered in the /fcgi/scrut fcgi.fcgi endpoint. The csvExportReport endpoint action generateCSV does not require authentication, allowing an unauthenticated user to expor...

5.3CVSS5.2AI score0.00494EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.4 views

PT-2023-11500 · Unknown · Chaoji Cms

Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18 Description: A stored cross site scripting XSS issue allows attackers to execute arbitrary code via the "/index.php?admin-master-webset" API endpoint. This enables attackers to inject malicious scripts into the...

4.8CVSS5.4AI score0.00432EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.14 views

PT-2022-8681 · Optilink · Optilink Op-Xt71000N

Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP V3.3.1-191028 Description: A vulnerability allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to enable or disable ports and to chan...

4.3CVSS7.3AI score0.00376EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/04/10 12:0 a.m.6 views

PT-2022-18237 · Zbzcms · Zbzcms

Name of the Vulnerable Software and Affected Versions: zbzcms version 1.0 Description: The issue is related to incorrect access control at the /admin/run ajax.php endpoint, allowing attackers to add administrator accounts arbitrarily. Recommendations: For zbzcms version 1.0, as a temporary...

9.8CVSS9.3AI score0.01119EPSS
Exploits0References3
OSV
OSV
added 2021/10/05 1:15 p.m.2 views

UBUNTU-CVE-2021-39884

In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project...

4.3CVSS5.8AI score0.0097EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/08/11 12:0 a.m.3 views

PT-2021-6290 · Adobe · Magento Commerce

Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.4.2 and earlier Magento Commerce versions 2.4.2-p1 and earlier Magento Commerce versions 2.3.7 and earlier Description: The issue exists due to insufficient input validation in the Magento Commerce platform, allowi...

8.8CVSS8.6AI score0.02242EPSS
Exploits0References5
CNVD
CNVD
added 2018/11/28 12:0 a.m.4 views

Xiaomi Mi Router 3 Command Injection Vulnerability (CNVD-2018-24496)

Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A system command injection vulnerability exists in the wifiaccess endpoint in Xiaomi Mi Router 3 version 2.22.15. The vulnerability can be exploited to execute system commands with the 'timeout' URL parameter...

9CVSS9.2AI score0.23955EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/04/02 12:0 a.m.7 views

PT-2018-18906 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the egroup parameter to the "/uploads/dede/stepselect main.php" API endpoint, as code within the database is accessible to...

9.8CVSS7.5AI score0.02213EPSS
Exploits1References6
Rows per page
Query Builder