Lucene search
K

585 matches found

Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.12 views

PT-2026-22007

Name of the Vulnerable Software and Affected Versions z-9527 admin versions 1.0 through 2.0 Description A SQL injection issue exists in z-9527 admin. The issue is located in the checkName, register, login, getUser, and getUsers functions within the /server/controller/user.js file. This allows for...

7.5CVSS7.6AI score0.00321EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/02/24 1:32 a.m.3 views

CVE-2026-3052 DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

6.5CVSS5.5AI score0.00298EPSS
Exploits1References5
CVE
CVE
added 2026/02/20 11:27 a.m.12 views

CVE-2025-10970

CVE-2025-10970 applies to Kolay Software Inc. Talentics (through version 20022026). The issue is an SQL Injection in Talentics caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Several sources (NVD/Red Hat/CVE listing) confirm the vulnerability d...

9.8CVSS5.5AI score0.00297EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/16 7:32 a.m.5 views

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

7.5CVSS7AI score0.02249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/16 7:32 a.m.39 views

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

7.5CVSS0.02249EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.20 views

PT-2026-8310

Name of the Vulnerable Software and Affected Versions Comfast CF-N1 V2 version 2.6.0.2 Description A remote command injection issue exists in Comfast CF-N1 V2 2.6.0.2. The issue is located in the sub 44AC4C function within the /cgi-bin/mbox-config file. Manipulation of the bandwidth argument in t...

6.5CVSS6.7AI score0.13525EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.5 views

CVE-2025-10912

Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not...

5.4CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.4 views

CVE-2025-7347

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosur...

8.8CVSS5.5AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 8:1 a.m.3 views

CVE-2025-10913 XSS in saastech.io's TemizlikYolda

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting XSS. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about thi...

8.3CVSS5.4AI score0.00257EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/10 1:23 p.m.5 views

CVE-2025-10463

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the releva...

7.3CVSS5.8AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 11:45 a.m.12 views

CVE-2025-7708

CVE-2025-7708 describes Insertion of Sensitive Information Into Sent Data in Atlas Educational Software Industry Ltd. Co. K12net, affecting the k12net component up to version 09022026. The underlying issue is that sensitive information can be inserted into data that is sent, enabling potential co...

6.8CVSS5.2AI score0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/06 8:32 p.m.29 views

CVE-2026-2066 UTT 进取 520W formIpGroupConfig strcpy buffer overflow

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the publi...

9CVSS0.0065EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/03 7:2 p.m.4 views

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

7.5CVSS5.4AI score0.03335EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-6061

Name of the Vulnerable Software and Affected Versions Ziroom ZHOME A0101 version 1.0.1.0 Description A weakness exists in the Dropbear SSH Service component of Ziroom ZHOME A0101. This issue allows for the use of default credentials, potentially enabling remote exploitation. The exploitability is...

9.2CVSS5.3AI score0.00604EPSS
Exploits0References10
OSV
OSV
added 2026/02/02 4:15 a.m.8 views

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commitvpnclifileupload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit i...

7.2CVSS5.4AI score0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/29 1:40 p.m.5 views

CVE-2025-7013 IDOR in QRMenumPro's Menu Panel

Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

5.7CVSS5.4AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5308

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci session leads to improper authorization. The attack may be performed from remote. The exploit has been...

6.5CVSS5.4AI score0.00272EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/23 11:55 a.m.37 views

CVE-2025-2204 XSS in Tapandsign Technologies' Tap&Sign App

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting XSS. This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but...

4.7CVSS0.00292EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/23 9:18 a.m.5 views

CVE-2025-4764

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosu...

8.8CVSS5.6AI score0.00443EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 10:16 a.m.5 views

CVE-2025-4764

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...

8.8CVSS0.00443EPSS
Exploits0References2
Rows per page
Query Builder