Lucene search
K

1190 matches found

RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.7 views

CVE-2026-23702

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

8.8CVSS6.6AI score0.01897EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 5:3 p.m.3 views

CVE-2026-26934

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 4:14 p.m.3 views

CVE-2026-20036 Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...

6.5CVSS6.2AI score0.00444EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 9:19 p.m.15 views

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

9.8CVSS0.00693EPSS
Exploits1References2
CVE
CVE
added 2026/02/20 10:54 p.m.13 views

CVE-2019-25435

CVE-2019-25435 affects Sricam DeviceViewer 3.12.0.1. The issue is a local, stack‑based buffer overflow in the User Management → Add User function. An attacker with authenticated access can bypass DEP and inject a payload via the Username field to execute arbitrary code through a ROP chain. The re...

8.4CVSS6.7AI score0.0032EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/19 4:36 a.m.18 views

CVE-2025-12975

The CVE-2025-12975 entry concerns CTX Feed – WooCommerce Product Feed Manager for WordPress (

7.2CVSS6.2AI score0.00821EPSS
Exploits0References3
OSV
OSV
added 2026/02/15 2:16 p.m.3 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

5.4CVSS5.6AI score
Exploits0References4
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.7 views

WordPress plugin WP Last Modified Info 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/13 9:23 p.m.33 views

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

8.8CVSS0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 10:26 a.m.23 views

CVE-2026-2276

CVE-2026-2276 describes a reflected XSS in Wix’s web app where uploading SVGs to the endpoint https://manage.wix.com/account/account-settings permits embedded JavaScript execution after storage. Authenticated users could upload crafted SVG content; when others view the image, script executes in t...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 6:16 p.m.8 views

CVE-2026-0652

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cau...

8.8CVSS0.22757EPSS
Exploits2References3
OSV
OSV
added 2026/02/09 10:39 p.m.8 views

CVE-2026-25957 Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6821

Name of the Vulnerable Software and Affected Versions ATutor version 2.2.4 Description ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the id parameter. Exploitation involves injecting malicious SQL code into...

7.1CVSS5.7AI score0.00282EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/04 4:11 p.m.31 views

CVE-2026-20111 Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

4.8CVSS0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.3 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 10:1 p.m.10 views

CVE-2020-37078

CVE-2020-37078 involves i-doit Open Source CMDB 1.14.1. The vulnerability is a file deletion flaw in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. An attacker can issue a crafted POST request to the import module (with...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 6:52 p.m.3 views

CVE-2025-62405 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...

7.3CVSS5.9AI score0.00469EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/03 6:51 p.m.4 views

EUVD-2025-206670

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue...

7.3CVSS5.9AI score0.00469EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 6:51 p.m.33 views

CVE-2025-62404 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue...

7.3CVSS0.00469EPSS
Exploits0References4
NVD
NVD
added 2026/02/03 6:16 p.m.6 views

CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS0.00274EPSS
Exploits1References4
Rows per page
Query Builder