
192493 matches found

Cvelist
added 2026/02/07 5:2 p.m. | 25 views

CVE-2026-2105 yeqifu warehouse Department Management DeptController.java deleteDept improper authorization

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

CVSS 6.5 | EPSS 0.00276
Exploits: 1 | References: 6

OSV
added 2026/02/07 3:15 p.m. | 3 views

CVE-2026-2089

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 9.8 | AI score 5.7 | EPSS 0.00312
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/07 1:12 p.m. | 7 views

CVE-2026-2009

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 6.2 | EPSS 0.00254
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/07 1:12 p.m. | 7 views

CVE-2026-2011

A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public...

CVSS 9.8 | AI score 7.1 | EPSS 0.00326
Exploits: 1 | References: 1

ATTACKERKB
added 2026/02/07 11:32 a.m. | 6 views

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

CVSS 8.6 | AI score 7 | EPSS 0.03855
Exploits: 1 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/02/07 10:2 a.m. | 4 views

CVE-2026-2082 D-Link DIR-823X set_mac_clone os command injection

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/setmacclone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVSS 5.8 | AI score 5.4 | EPSS 0.04469
Exploits: 1 | References: 6

RedhatCVE
added 2026/02/07 7:22 a.m. | 5 views

CVE-2026-1978

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

CVSS 7.5 | AI score 5.4 | EPSS 0.0036
Exploits: 0 | References: 1

CVE
added 2026/02/07 5:2 a.m. | 16 views

CVE-2026-2075

The CVE-2026-2075 entry concerns yeqifu warehouse. Affected component is the Role-Permission Binding Handler, specifically saveRolePermission in dataset/repos/warehouse/src/main/java/com/yeqifu/sys/controller/RoleController.java. The flaw is improper access controls, enabling remote exploitation....

CVSS 8.8 | AI score 6.2 | EPSS 0.00309
Exploits: 1 | References: 6 | Affected Software: 1

ATTACKERKB
added 2026/02/07 5:2 a.m. | 8 views

CVE-2026-2075

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

CVSS 6.5 | AI score 5.1 | EPSS 0.00309
Exploits: 1 | References: 6

EUVD
added 2026/02/07 5:2 a.m. | 8 views

EUVD-2026-5748

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

CVSS 6.5 | AI score 5.1 | EPSS 0.00309
Exploits: 1 | References: 6

RedhatCVE
added 2026/02/07 1:23 a.m. | 9 views

CVE-2026-1963

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...

CVSS 9.8 | AI score 6 | EPSS 0.00323
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/07 1:23 a.m. | 10 views

CVE-2026-1962

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is...

CVSS 9.8 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 1

SUSE CVE
added 2026/02/07 12:24 a.m. | 4 views

SUSE CVE-2026-23849

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

CVSS 5.3 | AI score 5.7 | EPSS 0.00417
Exploits: 1 | References: 3

NVD
added 2026/02/07 12:15 a.m. | 6 views

CVE-2020-37161

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to...

CVSS 9.8 | EPSS 0.0087
Exploits: 1 | References: 3

Positive Technologies
added 2026/02/07 12:0 a.m. | 6 views

PT-2026-6883

Name of the Vulnerable Software and Affected Versions: yeqifu warehouse (affected versions not specified). Description: A security issue exists in yeqifu warehouse related to improper authorization. The issue is present in the addRole, updateRole, and deleteRole functions within the RoleController.jav...

CVSS 6.5 | AI score 5.3 | EPSS 0.00262
Exploits: 1 | References: 8

CNNVD
added 2026/02/07 12:0 a.m. | 7 views

tpAdmin code issue vulnerability

tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. Versions of tpadmin 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...

CVSS 9.8 | AI score 7.2 | EPSS 0.00554
Exploits: 3 | References: 5

NVD
added 2026/02/06 11:15 p.m. | 7 views

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVSS 7.5 | EPSS 0.0031
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/06 10:48 p.m. | 6 views

CVE-2026-25754

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...

CVSS 7.2 | AI score 5.4 | EPSS 0.00364
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/06 10:48 p.m. | 28 views

CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...

CVSS 7.2 | EPSS 0.00364
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/06 10:40 p.m. | 4 views

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVSS 7.5 | AI score 5.3 | EPSS 0.0031
Exploits: 0 | References: 2 | Affected Software: 1