Lucene search
K

87096 matches found

Vulnrichment
Vulnrichment
added 2026/04/27 3:30 a.m.3 views

CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

5.8CVSS4.9AI score0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 2:54 a.m.14 views

CVE-2026-3867

CVE-2026-3867 and CVE-2026-3868 affect Moxa’s Secure Router. CVE-2026-3867: improper ownership management may allow a low-privileged authenticated user to access a configuration file containing the hashed admin password when the config is exported, exposing sensitive information (confidentiality ...

6CVSS5.4AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/27 2:54 a.m.31 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:54 a.m.5 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0024EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/04/27 2:54 a.m.5 views

EUVD-2026-25756

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

8.7CVSS5.4AI score0.00368EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35349

A vulnerability has been found in likeadmin-likeshop likeadmin php up to 1.9.6. Affected by this issue is the function queryResult of the file serverappadminapiliststoolsDataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be...

5.8CVSS5AI score0.00253EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.14 views

PT-2026-35356

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.1AI score0.00253EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Code-Projects Chat System 跨站脚本漏洞

Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a cross-site scripting vulnerability. This vulnerability stems from improper handling of the parameter “msg” in the “Chat Interface” component’s...

4.8CVSS5.6AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.9 views

Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞

The Moxa EDR-8010 Series and Moxa EDR-G9010 Series are a series of security routers produced by Moxa Corporation from Taiwan, China. Both models have security vulnerabilities. These vulnerabilities stem from improper ownership management, allowing users with low privileges to access configuration...

6CVSS5.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Fan Control 安全漏洞

Fan Control is a cooling fan control software developed by Rémi Mercier. The Fan Control V251 version contains a security vulnerability, which stems from improper handling of Open File Dialog permissions. This vulnerability could allow local attackers to execute operations with administrator...

8.8CVSS5.9AI score0.00102EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 12:0 a.m.6 views

EUVD-2025-209578

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...

8.8CVSS5.2AI score0.00102EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.8 views

1000 Projects Portfolio Management System MCA 注入漏洞

The 1000 Projects Portfolio Management System MCA is an open-source combination management system developed by 1000 Projects. Versions of the 1000 Projects Portfolio Management System MCA, including version 1.0 and earlier, had a SQL injection vulnerability. This vulnerability stemmed from the...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35498

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.7 views

PT-2026-35559

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Improper authorization checks in the 'chat.send' path allow write-scoped gateway callers to perform admin-only session reset operations. This enables attackers to rotate target sessions, archive...

8.5CVSS5.4AI score0.00255EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.9 views

likeadmin 注入漏洞

likeadmin is a general-purpose management backend development framework created by likeadmin’s individual developer. Versions of likeadmin 1.9.6 and earlier have a vulnerability related to injection attacks. This vulnerability stems from improper handling of the queryResult function in the...

5.8CVSS5.9AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35518

Name of the Vulnerable Software and Affected Versions Pimcore version 12.3.3 Description An authenticated administrative user with permissions to import or save DataObject class definitions can inject malicious composite index metadata. This action allows the execution of unintended SQL commands ...

7CVSS6AI score0.00346EPSS
Exploits0References13
NVD
NVD
added 2026/04/26 10:17 p.m.12 views

CVE-2026-7043

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/26 1:30 p.m.9 views

EUVD-2026-25721

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/26 1:15 p.m.8 views

EUVD-2026-25720

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/26 1:15 p.m.35 views

CVE-2026-7043 GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS0.00201EPSS
Exploits0References4
Rows per page
Query Builder