87068 matches found

Vulnrichment
added 2026/04/09 12:00 a.m., 2 views

CVE-2025-70365

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

AI score 5.8, EPSS 0.00138
Exploits: 0, References: 2

CNNVD
added 2026/04/09 12:00 a.m., 8 views

Code-Projects Online Shoe Store code injection vulnerability

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...

CVSS 4.8, AI score 5.7, EPSS 0.00206
Exploits: 0, References: 5

Positive Technologies
added 2026/04/09 12:00 a.m., 6 views

PT-2026-31650

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'user group id' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who ow...

CVSS 2.3, AI score 6, EPSS 0.00208
Exploits: 1, References: 4

Positive Technologies
added 2026/04/09 12:00 a.m., 4 views

PT-2026-31778

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.25. Description: OpenClaw contains a privilege escalation issue in the gateway plugin subagent's deleteSession function. This function utilizes a synthetic operator.admin runtime scope, allowing attackers to...

CVSS 8.1, AI score 6, EPSS 0.0028
Exploits: 0, References: 7

CNNVD
added 2026/04/09 12:00 a.m., 10 views

PHPGurukul News Portal Project SQL injection vulnerability

PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter sucatdescription in the file admin/add-subcategory.php, which...

CVSS 5.8, AI score 5.8, EPSS 0.00202
Exploits: 0, References: 5

CNNVD
added 2026/04/09 12:00 a.m., 8 views

Code-Projects Online Shoe Store code injection vulnerability

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...

CVSS 4.8, AI score 5.7, EPSS 0.00206
Exploits: 0, References: 5

CNNVD
added 2026/04/09 12:00 a.m., 6 views

Lychee security vulnerability

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.4 contained security vulnerabilities. These vulnerabilities were caused by an error in the order of SQL operators in the...

CVSS 4.3, AI score 5.9, EPSS 0.00208
Exploits: 1, References: 3

ATTACKERKB
added 2026/04/09 12:00 a.m., 1 view

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

AI score 6.3, EPSS 0.00148
Exploits: 0, References: 4

EUVD
added 2026/04/09 12:00 a.m., 6 views

EUVD-2025-209385

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

AI score 6.3, EPSS 0.00148
Exploits: 0, References: 3

Positive Technologies
added 2026/04/09 12:00 a.m., 6 views

PT-2026-31821

Name of the Vulnerable Software and Affected Versions: Smart Slider 3 Pro version 3.5.1.35. Description: Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system. This allows unauthenticated attackers to...

CVSS 9.8, AI score 6.3, EPSS 0.00551
Exploits: 0, References: 12

CNNVD
added 2026/04/09 12:00 a.m., 4 views

OpenClaw security vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the HTTP /sessions/:sessionKey/kill route. As a result, any user with a toke...

CVSS 8.1, AI score 5.8, EPSS 0.00346
Exploits: 0, References: 3

Positive Technologies
added 2026/04/09 12:00 a.m., 7 views

PT-2026-31755

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.25. Description: OpenClaw contains an improper access control issue in the /sessions/:sessionKey/kill route. Any bearer-authenticated user can invoke admin-level session termination functions without proper scop...

CVSS 8.1, AI score 5.9, EPSS 0.00346
Exploits: 0, References: 6

CVE
added 2026/04/09 12:00 a.m., 10 views

CVE-2025-70811

CVE-2025-70811 affects PhpBB phbb3 3.3.15. The vulnerability is a Cross-Site Request Forgery that enables a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality. Affected component: Admin Control Panel icon management in PhpBB 3.3.15. The root cause i...

CVSS 4.3, AI score 6.3, EPSS 0.00148
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/04/09 12:00 a.m., 4 views

PT-2026-31618

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

AI score 6.3, EPSS 0.00148
Exploits: 0, References: 4

Positive Technologies
added 2026/04/09 12:00 a.m., 4 views

PT-2026-31695

Name of the Vulnerable Software and Affected Versions: V2Board versions 1.6.1 through 1.7.4 and Xboard versions through 0.1.9. Description: V2Board and Xboard are affected by an issue where authentication tokens are exposed in the HTTP response bodies of the loginWithMailLink endpoint when the login...

CVSS 9.1, AI score 5.8, EPSS 0.00584
Exploits: 1, References: 16

Positive Technologies
added 2026/04/09 12:00 a.m., 7 views

PT-2026-31574

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0. Description: A flaw has been found in code-projects Online Shoe Store 1.0. The vulnerability affects an unknown functionality of the file '/admin/admin football.php'. A manipulation of the product nam...

CVSS 4.8, AI score 4.3, EPSS 0.00206
Exploits: 0, References: 9

Cvelist
added 2026/04/09 12:00 a.m., 21 views

CVE-2025-70365

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

EPSS 0.00138
Exploits: 0, References: 2

CNNVD
added 2026/04/09 12:00 a.m., 7 views

WordPress plugin Ziggeo security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5.4, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 13

CNNVD
added 2026/04/09 12:00 a.m., 8 views

Code-Projects Online Shoe Store code injection vulnerability

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the productname parameter in the file...

CVSS 4.8, AI score 5.7, EPSS 0.00206
Exploits: 0, References: 5

CNNVD
added 2026/04/09 12:00 a.m., 7 views

OpenPLC Runtime version 3 security vulnerability

OpenPLC Runtime version 3 is a programmable logic controller developed by Thiago Alves. There is a security vulnerability in OpenPLC Runtime version 3. This vulnerability stems from the REST API endpoints only checking the existence of JWTs without verifying the caller’s role. This could allow...

CVSS 8.8, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 2