Lucene search
+L

578 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 8:59 p.m.15 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

5.8AI score0.00316EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/28 8:59 p.m.42 views

CVE-2026-44883

Summary: Portainer Community Edition versions 2.33.0–2.33.7.x, 2.39.0–2.39.1.x, and 2.40.x prior to 2.41.0 expose JWTs via the ?token= URL query parameter on any authenticated API endpoint, in addition to the Authorization header. Root cause: The authentication middleware accepted the token from ...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 9:27 a.m.20 views

CVE-2026-3349

The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...

6.1CVSS6AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 9:27 a.m.12 views

EUVD-2026-32175

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS6AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.42 views

CVE-2018-25329 WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7CVSS0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.9 views

CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

D-Link DIR-816 注入漏洞

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The D-Link DIR-816 1.10CNB05R1B011D88210 version has a vulnerability related to command injection, which stems from operations on the ipaddress parameter...

8.8CVSS6.6AI score0.03095EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:0 a.m.10 views

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.5AI score0.04447EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/08 9:16 a.m.20 views

CVE-2026-7330

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

7.2CVSS0.00366EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Cradle eCommerce 输入验证错误漏洞

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a vulnerability related to input validation. This vulnerability stems from improper validation of the returnUrl parameter in the login...

5.3CVSS5.8AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-37058

Name of the Vulnerable Software and Affected Versions ALTICE LABS / SFR France GR140DG affected versions not specified ALTICE LABS / SFR France GR140IG affected versions not specified Description The traceroute diagnostic handler in the '/bin/httpd clientside' endpoint of the affected devices...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.13 views

PT-2026-36886

Name of the Vulnerable Software and Affected Versions PlantUML Macro versions prior to 2.4.1 Description PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery SSRF flaw. The application fails to validate the URL provided through the server...

4.4CVSS5.8AI score0.00151EPSS
Exploits0References8
NVD
NVD
added 2026/04/30 5:16 p.m.8 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/30 4:8 p.m.36 views

CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/29 8:22 a.m.5 views

EUVD-2026-26198

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/27 9:31 p.m.10 views

Server-side Request Forgery (SSRF)

Overview mcp-url-downloader is a MCP server that enables AI assistants to download files from URLs to the local filesystem Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateurlsafe function. An attacker can access internal resources or services b...

7.5CVSS7.1AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 1:30 a.m.7 views

EUVD-2026-25753

A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The exploit has been mad...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 1:30 a.m.22 views

CVE-2026-7075

CVE-2026-7075 affects itsourcecode Construction Management System 1.0. The issue is a SQL injection in /locations.php caused by manipulation of the address parameter, exploitable remotely. Public exploit exist; no remediation details are provided in the supplied documents. Affected component: the...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

BuildingAI 代码问题漏洞

BuildingAI is an enterprise-level open-source intelligence platform for individual developers, enabling the visualization configuration of AI applications. Versions of BuildingAI prior to 26.0.1 have code vulnerabilities; these vulnerabilities stem from the handling of the url parameter in the...

7.5CVSS7.2AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

Toonflow 路径遍历漏洞

Toonflow is an AI short story production platform developed by HBAI-Ltd. Versions of Toonflow prior to 1.1.1 contained a path traversal vulnerability. This vulnerability stemmed from the updateStoryboardUrl function in the Storyboard Export component, which improperly handled the url parameter,...

5.3CVSS5.8AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder