Lucene search
K

712 matches found

Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30168

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0 Description The Linux kernel contains a flaw in the RedBoot partition table parser. When CONFIG FORTIFY SOURCE is enabled and a recent compiler is used, a buffer overflow can occur during the parsing...

9.8CVSS5.7AI score0.00443EPSS
Exploits0References471
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27811

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowed authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8CVSS6.1AI score0.02037EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/24 11:27 a.m.2 views

CVE-2019-25636 Zeeways Jobsite CMS Lastest SQL Injection via id Parameter

Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to newsdetails.php, jobsdetails.php, or jobcmpdetails.php with malicious 'id'...

8.8CVSS5.9AI score0.00327EPSS
Exploits1References3
CVE
CVE
added 2026/03/24 11:27 a.m.8 views

CVE-2019-25636

Zeeways Jobsite CMS (CVE-2019-25636) contains an SQL injection vulnerability in the id parameter of the news_details.php, jobs_details.php, and job_cmp_details.php endpoints. The flaw allows unauthenticated attackers to manipulate database queries by injecting SQL code (including GROUP BY and CAS...

8.8CVSS5.9AI score0.00327EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27331

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...

7.5CVSS5.8AI score0.00322EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/03/23 6:38 p.m.9 views

WordPress ElementCamp plugin <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability

Authenticated Author+ SQL Injection via 'metaquerycompare' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ElementCamp versions = 2.3.6...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/22 3:31 p.m.5 views

EUVD-2019-19977

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

6.9CVSS6AI score0.00126EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/22 3:31 p.m.6 views

EUVD-2019-19965

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare...

8.5CVSS6.4AI score0.00144EPSS
Exploits0References5
NVD
NVD
added 2026/03/22 2:16 p.m.3 views

CVE-2019-25618

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

6.9CVSS0.00126EPSS
Exploits0References3
NVD
NVD
added 2026/03/22 2:16 p.m.4 views

CVE-2019-25612

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare...

8.5CVSS0.00144EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/22 1:38 p.m.1 views

CVE-2019-25618 AdminExpress 1.2.5 Denial of Service via System Compare

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

6.9CVSS6AI score0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/22 1:38 p.m.26 views

CVE-2019-25618 AdminExpress 1.2.5 Denial of Service via System Compare

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

6.9CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/03/22 1:38 p.m.7 views

CVE-2019-25618

AdminExpress 1.2.5 is affected by a local-denial-of-service in the System Compare feature. An attacker can submit oversized input in the Folder Path field, sending a large buffer of characters to trigger the comparison function and cause the application to become unresponsive or crash. This is a ...

6.9CVSS6AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/22 1:38 p.m.2 views

CVE-2019-25618

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

6.9CVSS6AI score0.00126EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/22 1:38 p.m.2 views

CVE-2019-25612 Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare...

8.5CVSS6.4AI score0.00144EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/22 1:38 p.m.2 views

CVE-2019-25612

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare...

8.5CVSS6.4AI score0.00144EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/22 1:38 p.m.6 views

CVE-2019-25612

CVE-2019-25612 affects Admin Express 1.2.5.485. It describes a local SEH buffer overflow in the Folder Path field triggered via the System Compare feature, where a crafted payload can execute shellcode with application privileges. Public references include Exploit-DB, confirming exploit availabil...

8.5CVSS6.4AI score0.00144EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.3 views

PT-2026-27006

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to...

6.9CVSS6AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.4 views

PT-2026-27000

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare...

8.5CVSS6.4AI score0.00144EPSS
Exploits0References5
NVD
NVD
added 2026/03/21 4:17 a.m.4 views

CVE-2026-2503

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

6.5CVSS0.00242EPSS
Exploits0References5
Rows per page
Query Builder