Lucene search
+L

7 matches found

attackerkb
attackerkb
added 2026/04/08 2:29 p.m.1 views

CVE-2026-39390

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2025/08/24 12:13 a.m.4 views

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

5.3CVSS7.2AI score0.00222EPSS
Exploits0References1
cve
cve
added 2025/08/22 12:0 a.m.14 views

CVE-2025-55626

The CVE-2025-55626 entry concerns Reolink Smart 2K+ Plug-in Wi‑Fi Video Doorbell with Chime, firmware 3.0.0.4662_2503122283. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows unauthorized access to Admin-only settings and the ability to edit session storage. Root cause i...

5.3CVSS6.6AI score0.00222EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/08/22 12:0 a.m.4 views

CVE-2025-55626

An Insecure Direct Object Reference IDOR vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage...

6.6AI score0.00222EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/03/12 12:0 a.m.6 views

PT-2025-10993 · WordPress · Blogbuzztime

Name of the Vulnerable Software and Affected Versions: BlogBuzzTime for WP plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8CVSS7.9AI score0.00234EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/10/09 12:0 a.m.9 views

PT-2024-38040

Name of the Vulnerable Software and Affected Versions open-webui version 0.3.8 Description An information disclosure issue exists related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different err...

2.7CVSS5.9AI score0.00336EPSS
Exploits1References12
exploitpack
exploitpack
added 2017/07/20 12:0 a.m.14 views

VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass

VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass Exploit Title: IP Camera VACRON VIG-US731VE Date: 2017-07-18 Exploit Author: anonymous Vendor Homepage: www.vacron.com Version: V1.0.18-09-B727 1. doesn't require credentials to fetch snapshot like this:...

0.4AI score
Exploits0
Rows per page
Query Builder