Lucene search
K

87068 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/29 3:39 p.m.2 views

CVE-2026-40230

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

4.8CVSS5AI score0.00178EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/29 3:39 p.m.6 views

EUVD-2026-26245

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

4.8CVSS5AI score0.00178EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/29 3:34 p.m.4 views

EUVD-2026-26244

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 3:34 p.m.4 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 3:34 p.m.8 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/29 3:34 p.m.34 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS0.00177EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.5 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/29 10:38 a.m.102 views

Script-for-profile-press-exploit-in-wordpress

CVE-2021-34621 – ProfilePress WP User Avatar Privilege Escal...

9.8CVSS8.6AI score0.68862EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/04/29 6:18 a.m.6 views

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

7.2CVSS5.6AI score0.01157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-36001

Tenda FH303/A300 firmware V5.07.68 EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

9.8CVSS5.2AI score0.00651EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-37142

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The inventory module fails to properly enforce authorization for destructive operations on the backend, relying instead on the UI layer to hide buttons from non-administrative users. While the system...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.6 views

SourceCodester Pizzafy Ecommerce System 访问控制错误漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a security vulnerability related to access control. This vulnerability arises from improper handling of the img parameter in...

5.8CVSS5.7AI score0.00268EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.3 views

PT-2026-35999

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

9.8CVSS5.2AI score0.00651EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.70 views

📄 Pizzafy Ecommerce System 1.0 SQL Injection

The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...

5.8CVSS5.3AI score0.00244EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.7 views

Tenda W308R 安全漏洞

The Tenda W308R is a home wireless router from the Chinese company Tenda. It supports wireless network connections and routing management functions. The Tenda W308R v2 V5.07.48 version has a security vulnerability. This vulnerability stems from a Cookie session weakness, which allows unauthorized...

9.8CVSS5.8AI score0.00651EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.7 views

Helpy 跨站脚本漏洞

Helpy is an open-source customer support application developed by the American company Helpy. This program includes features such as a knowledge base, community discussions, and email functionality. Version 2.8.0 of Helpy contains a cross-site scripting vulnerability. This vulnerability stems fro...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.7 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter operations in the function savemenu within the file...

5.8CVSS5.8AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35963

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...

5.8CVSS5AI score0.00244EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-36013

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description An issue in the Setting Handler component allows for remote SQL injection. This occurs within the save settings function located in the '/pizzafy/admin/ajax.php?action=save...

5.8CVSS5.1AI score0.00253EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.8 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which arises from improper handling of the parameter ID in the file admin/vieworder.php...

5.8CVSS5.8AI score0.00244EPSS
Exploits1References1
Rows per page
Query Builder