Lucene search
+L

684 matches found

osv
osv
added 2026/04/09 4:30 a.m.3 views

CVE-2026-5842 decolua 9router Administrative API Endpoint api authorization

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

6.9CVSS6.3AI score0.00313EPSS
Exploits0References10
cnnvd
cnnvd
added 2026/04/09 12:0 a.m.9 views

9Router 安全漏洞

9Router is an intelligent routing and downgrade AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.3.47 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass issues in the Administrative API Endpoint component’s/a...

7.5CVSS7.1AI score0.00313EPSS
Exploits0References8
github
github
added 2026/04/01 10:4 p.m.9 views

CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Pages Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Page Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Pages to navigation menus throu...

9.1CVSS6.2AI score0.00307EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/03/26 8:47 p.m.2 views

CVE-2026-33623

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

6.7CVSS6.2AI score0.02904EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/11 3:12 a.m.3 views

CVE-2026-23815 Authenticated Command Injection found in AOS-CX Administrative CLI Command

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands...

7.2CVSS5.9AI score0.00938EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/10 2:52 p.m.3 views

CVE-2026-3862 Cross-Site Scripting Vulnerability in SiteMinder Administrative UI

Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...

4.6CVSS5.8AI score0.00191EPSS
Exploits0References1
cve
cve
added 2026/03/10 2:52 p.m.18 views

CVE-2026-3862

CVE-2026-3862 is an XSS vulnerability affecting the SiteMinder Administrative UI. The description states that an attacker can submit specially crafted data to the application, and the data is returned unaltered in the resulting web page. The entry provides CVSS-like metrics with base score 4.6 (M...

4.8CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/03/03 12:0 a.m.8 views

EUVD-2026-9299

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

2.7CVSS6AI score0.0022EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/02/28 7:45 p.m.8 views

CVE-2026-27751

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...

9.8CVSS6AI score0.00449EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/28 1:56 a.m.9 views

CVE-2026-3262

A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been...

8.8CVSS6.2AI score0.00415EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/02/28 1:55 a.m.8 views

CVE-2026-3264

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

8.8CVSS6.4AI score0.00415EPSS
Exploits1References1
euvd
euvd
added 2026/02/27 12:31 a.m.8 views

EUVD-2026-8924

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

6.5CVSS5.4AI score0.00415EPSS
Exploits1References5
euvd
euvd
added 2026/02/27 12:31 a.m.6 views

EUVD-2026-8903

A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been...

6.5CVSS5.3AI score0.00415EPSS
Exploits1References5
osv
osv
added 2026/02/26 11:16 p.m.7 views

CVE-2026-3264

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References4
nvd
nvd
added 2026/02/26 11:16 p.m.10 views

CVE-2026-3264

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

8.8CVSS0.00415EPSS
Exploits1References4
nvd
nvd
added 2026/02/26 10:20 p.m.9 views

CVE-2026-3262

A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been...

8.8CVSS0.00415EPSS
Exploits1References4
cve
cve
added 2026/02/26 10:2 p.m.17 views

CVE-2026-3264

CVE-2026-3264 affects go2ismail Free-CRM’s Administrative Interface, with a vulnerability that enables code execution after redirection via a remote manipulation. Multiple connected sources confirm that the exploit has been publicly disclosed; the release model is rolling, and specific affected v...

8.8CVSS5.3AI score0.00415EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/02/26 10:2 p.m.5 views

CVE-2026-3264

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

8.8CVSS6.4AI score0.00415EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/02/26 10:2 p.m.6 views

CVE-2026-3264 go2ismail Free-CRM Administrative redirect

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

6.5CVSS6.4AI score0.00415EPSS
Exploits1References4
cvelist
cvelist
added 2026/02/26 10:2 p.m.28 views

CVE-2026-3264 go2ismail Free-CRM Administrative redirect

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely...

6.5CVSS0.00415EPSS
Exploits1References4
Rows per page
Query Builder