CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/01 12:16 a.m.•8 views

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS0.00192EPSS

CNNVD•added 2026/06/01 12:0 a.m.•7 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00192EPSS

OSV•added 2026/06/01 12:0 a.m.•9 views

ASB-A-460779368

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS6AI score0.00084EPSS

Exploits0References2

Positive Technologies•added 2026/06/01 12:0 a.m.•13 views

PT-2026-45579

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A persistent denial of service issue exists in the updateState function of GraphicsDriverEnableAngleAsSystemDriverController.java. This flaw allows for a local...

5.5CVSS5.6AI score0.00071EPSS

Exploits0References3

Positive Technologies•added 2026/06/01 12:0 a.m.•15 views

PT-2026-45576

6AI score0.00084EPSS

Exploits0References2

CNNVD•added 2026/06/01 12:0 a.m.•6 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the trust E42 message without binding it to the sender’s SCTP association. As a result, remote...

7.5CVSS5.4AI score0.0057EPSS

Exploits1References3

CNNVD•added 2026/06/01 12:0 a.m.•6 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from reachable assert0 calls within the stub message processor, which could allow remote unauthenticated attackers to send E2AP message...

7.5CVSS5.4AI score0.00415EPSS

Exploits0References2

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45431

FlexRIC v2.0.0 crashes when receiving a RIC SUBSCRIPTION RESPONSE with an unknown ric id that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC SUBSCRIPTIO...

5.8AI score0.00347EPSS

Exploits0References3

OSV•added 2026/06/01 12:0 a.m.•9 views

ASB-A-459639258

In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS

Exploits0References4

CVE•added 2026/05/31 11:45 p.m.•16 views

CVE-2026-10204

CVE-2026-10204 affects OFCMS 1.1.3, specifically the JSON Query Interface. The vulnerability lies in the Query function within SysUserController.java, causing a SQL injection via remote exploitation. Public exploit access is noted, and the vendor was informed early through an issue but has not re...

ATTACKERKB•added 2026/05/31 11:45 p.m.•10 views

CVE-2026-10204

ATTACKERKB•added 2026/05/31 11:30 p.m.•8 views

CVE-2026-10203

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

CVE•added 2026/05/31 11:30 p.m.•16 views

CVE-2026-10203

The report identifies CVE-2026-10203 affecting OFCMS 1.1.3. The vulnerability lies in the JSON Query Interface: the Query function in OFCMS-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java, which enables SQL injection. This can be triggered remotely, with publ...

ATTACKERKB•added 2026/05/31 11:15 p.m.•8 views

CVE-2026-10202

CVE•added 2026/05/31 11:15 p.m.•18 views

CVE-2026-10202

CVE-2026-10202 affects OFCMS 1.1.3. The vulnerability resides in the JSON Query Interface, specifically the function Query in SystemDictController.java, enabling SQL injection. The issue can be triggered remotely and a public exploit is available. Documents do not provide a remediation or patched...

CVE•added 2026/05/31 4:15 p.m.•17 views

CVE-2026-10193

CVE-2026-10193 affects OFCMS up to version 1.1.3. The vulnerable element is the Query function in file at com/ofsoft/cms/admin/controller/ComnController.java (ComnController). An attacker can manipulate the argument system.user.query to trigger SQL injection. The exploit is capable of remote init...

Cvelist•added 2026/05/31 4:15 p.m.•28 views

CVE-2026-10193 OFCMS ComnController ComnController.java query sql injection

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS0.00196EPSS

ATTACKERKB•added 2026/05/31 4:15 p.m.•10 views

CVE-2026-10193