Lucene search
+L

896 matches found

Cvelist
Cvelist
added 2026/02/20 11:10 p.m.36 views

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

7.1CVSS0.00174EPSS
Exploits1References1
CVE
CVE
added 2026/02/19 4:36 a.m.21 views

CVE-2026-1047

CVE-2026-1047 concerns the WordPress salavat counter plugin (versions

4.4CVSS5.7AI score0.00297EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 a.m.9 views

CVE-2025-70062

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery CSRF vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts privileged users ...

6.5CVSS5.9AI score0.00173EPSS
Exploits1References1
OSV
OSV
added 2026/02/18 10:7 p.m.4 views

GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6
OSV
OSV
added 2026/02/11 1:15 p.m.5 views

CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

4.9CVSS5.8AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 1:15 p.m.11 views

CVE-2025-58466

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...

5.1CVSS0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 8:53 p.m.18 views

CVE-2026-25878

FroshAdminer (Shopware Platform) vulnerable in versions prior to 2.2.1 where the Adminer UI at /admin/adminer was exposed without Shopware admin authentication due to auth_required=false and no session validation. This allowed unauthenticated access to the Adminer UI, with a potentially limited i...

6.9CVSS5.5AI score0.00362EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.9 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS5.8AI score0.00244EPSS
Exploits1References3
CVE
CVE
added 2026/02/03 10:9 p.m.18 views

CVE-2020-37084

CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...

8.6CVSS6.9AI score0.00814EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.5 views

CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS6.2AI score0.02682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.4 views

CVE-2026-22229

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...

8.6CVSS6.2AI score0.01887EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.6 views

CVE-2026-22224

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.7AI score0.02597EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.33 views

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

0.02036EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 6:16 p.m.5 views

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

7.2CVSS5.8AI score0.02394EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 6:16 p.m.6 views

CVE-2026-22224

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

7.2CVSS5.8AI score0.02597EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 6:16 p.m.4 views

CVE-2026-22227

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

7.2CVSS5.8AI score0.02605EPSS
Exploits0References4
NVD
NVD
added 2026/02/02 6:16 p.m.7 views

CVE-2026-22227

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

8.5CVSS0.02605EPSS
Exploits0References4
NVD
NVD
added 2026/02/02 6:16 p.m.9 views

CVE-2026-22224

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS0.02597EPSS
Exploits0References4
NVD
NVD
added 2026/02/02 6:16 p.m.12 views

CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS0.02682EPSS
Exploits0References6
NVD
NVD
added 2026/02/02 6:16 p.m.9 views

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

8.5CVSS0.02394EPSS
Exploits0References6
Rows per page
Query Builder