Lucene search
K

585 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/22 9:13 a.m.2 views

CVE-2025-4764

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...

8.8CVSS5.5AI score0.00443EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.9 views

PT-2026-3922

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...

5.5CVSS5.4AI score0.00208EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 1:32 a.m.13 views

CVE-2026-1196

A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity...

5.3CVSS4.3AI score0.00409EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.10 views

MineAdmin has Incorrect Privilege Assignment

A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...

8.8CVSS5AI score0.0032EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/18 1:32 a.m.5 views

CVE-2026-1108 cijliu librtsp rtsp_rely_dumps buffer overflow

A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsprelydumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This product is using a rolling release to provide...

5.3CVSS5.7AI score0.00219EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-15500

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

10CVSS6.8AI score0.05593EPSS
Exploits1References1
CVE
CVE
added 2026/01/09 4:32 p.m.12 views

CVE-2025-15493

Summary: RainyGao DocSys

9.8CVSS6.4AI score0.00404EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/06 4:10 a.m.7 views

CVE-2025-15456

A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been...

7.5CVSS6.1AI score0.00391EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 5:2 p.m.5 views

CVE-2025-15439 Daptin Aggregate API resource_aggregate.go goqu.L sql injection

A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resourceaggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely...

6.5CVSS6.7AI score0.00237EPSS
Exploits0References5
CVE
CVE
added 2026/01/02 2:32 a.m.20 views

CVE-2025-15424

CVE-2025-15424 affects Yonyou KSOA 9.0, specifically an SQL injection in the HTTP GET parameter handler for the file /worksheet/agent_worksdel.jsp via manipulation of the ID argument. The vulnerability enables remote exploitation and has publicly available exploits/PoC. Multiple sources confirm t...

9.8CVSS7.1AI score0.00392EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2025/12/29 3:2 a.m.16 views

CVE-2025-15169

The CVE-2025-15169 entry concerns BiggiDroid Simple PHP CMS 1.0. Affected functionality is in /admin/editsite.php; manipulating the ID parameter can cause SQL injection. The issue is exploitable remotely and an exploit has been publicly released. Red Hat and other connected records corroborate th...

7.2CVSS5AI score0.00387EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/12/28 2:16 p.m.5 views

CVE-2025-15138

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

7.2CVSS0.00557EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/28 1:2 p.m.74 views

CVE-2025-15137 TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934  command injection

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

9CVSS0.10346EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/28 10:2 a.m.21 views

CVE-2025-15131 ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_SafeStatus command injection

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

6.5CVSS0.06828EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/28 7:32 a.m.19 views

CVE-2025-15126 JeecgBoot getPositionUserList improper authorization

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexi...

3.1CVSS0.00334EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/28 6:31 a.m.6 views

EUVD-2025-205494

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...

3.1CVSS6.1AI score0.00237EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.4 views

PT-2025-53636

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A flaw exists in JeecgBoot that allows information disclosure. The issue is related to the getDeptRoleByUserId function located in the /sys/sysDepartRole/getDeptRoleByUserId file. Manipulation of the...

4.9CVSS6AI score0.00429EPSS
Exploits1References8
EUVD
EUVD
added 2025/12/25 9:30 p.m.6 views

EUVD-2025-205391

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...

5.3CVSS6.2AI score0.00258EPSS
Exploits1References5
OSV
OSV
added 2025/12/25 6:15 p.m.6 views

CVE-2025-15083

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks o...

4.6CVSS5.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/16 4:57 a.m.5 views

CVE-2025-14702

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...

4.8CVSS5.9AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder