7 matches found

RedhatCVE
added 2026/06/05 7:48 p.m. | 9 views

CVE-2026-36608

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

CVSS 8.8 | AI score 5.5 | EPSS 0.00181
Exploits: 0 | References: 1
CVE
added 2026/06/03 12:00 a.m. | 18 views

CVE-2026-36608

The advisory concerns the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. A UPnP AddPortMapping issue allows an unauthenticated LAN attacker to forward external ports to the router’s admin interface by abusing the InternalClient field (accepting 192.168.1.1 or 127.0.0.1). This en...

CVSS 8.8 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/12 2:00 p.m. | 8 views

CVE-2026-43937

YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

CVSS 8.8 | AI score 6.1 | EPSS 0.00488
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/05/02 3:36 a.m. | 4 views

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

CVSS 6.4 | AI score 6 | EPSS 0.00234
Exploits: 0 | References: 11
NVD
added 2025/10/28 1:16 a.m. | 4 views

CVE-2025-12336

A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminindex.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is...

CVSS 9.8 | EPSS 0.00437
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/23 3:25 a.m. | 9 views

CVE-2023-3139

The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered...

CVSS 6.1 | AI score 6.7 | EPSS 0.00728
Exploits: 1 | References: 1
ATTACKERKB
added 2024/03/18 12:00 a.m. | 28 views

CVE-2024-20767

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interactio...

CVSS 7.4 | AI score 6.9 | EPSS 0.98514
In wild | Exploits: 7 | References: 2