Lucene search
K

842 matches found

Cvelist
Cvelist
added 2026/04/17 2:30 p.m.43 views

CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS0.00455EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/17 2:30 p.m.4 views

CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS5.6AI score0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

TinyFileManager 安全漏洞

TinyFileManager is a web-based file manager developed by Prasathmani. It allows for online storage, uploading, editing, and management of files and folders through a web browser. Versions of TinyFileManager 2.6 and earlier contained security vulnerabilities, which stemmed from the handling of the...

5.5CVSS6.1AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.8 views

PT-2026-33459

Name of the Vulnerable Software and Affected Versions Prasathmani TinyFileManager versions prior to 2.7 Description A path traversal issue exists in the POST Parameter Handler component within the '/filemanager.php' file. Remote attackers can manipulate the file argument to access files and...

5.5CVSS6AI score0.00455EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.5 views

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS7.7AI score0.00737EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/31 9:31 p.m.7 views

EUVD-2026-17662

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS7.7AI score0.00737EPSS
Exploits1References7
NVD
NVD
added 2026/03/31 9:16 p.m.5 views

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS0.00737EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/31 8:15 p.m.33 views

CVE-2026-5212 D-Link DNS-1550-04 webdav_mgr.cgi Webdav_Upload_File stack-based overflow

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS0.00737EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.17 views

CVE-2026-30556

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-4567

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...

10CVSS8AI score0.03688EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.5 views

SourceCodester Malawi Online Market SQL注入漏洞

SourceCodester Malawi Online Market is an open-source online marketplace and e-commerce management system developed using the PHP language by SourceCodester. Version 1.0 of SourceCodester Malawi Online Market contains a SQL injection vulnerability, which stems from incorrect handling of the...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/03/24 11:27 a.m.18 views

CVE-2019-25643

CVE-2019-25643 affects eNdonesia Portal v8.7 and describes multiple SQL injection vulnerabilities in banners.php via the bid parameter. The flaws allow unauthenticated attackers to execute arbitrary SQL and exfiltrate information from INFORMATION_SCHEMA tables. The vulnerability is characterized ...

8.8CVSS6.2AI score0.00346EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 1:58 p.m.29 views

CVE-2026-33354

CVE-2026-33354 affects WWBN AVideo up to version 26.0, where POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile path. The local path check (isValidURLOrPath) allows broad server directories (e.g., /var/www/, app root, cache, tmp, videos) while rejecting only .php files....

7.6CVSS5.9AI score0.00254EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2026/03/23 6:27 a.m.8 views

Path Traversal

croogo/croogo is vulnerable to path traversal. The vulnerability is due to improper validation of the edit-file parameter, which allows an attacker to craft malicious file paths and read arbitrary files on the server...

6.5CVSS5.9AI score0.00597EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/03/23 3:31 a.m.3 views

EUVD-2026-14349

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...

10CVSS6.5AI score0.03688EPSS
Exploits1References7
NVD
NVD
added 2026/03/23 3:16 a.m.3 views

CVE-2026-4567

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...

10CVSS0.03688EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/23 1:30 a.m.3 views

CVE-2026-4567

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...

10CVSS6.5AI score0.03688EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 1:30 a.m.3 views

CVE-2026-4567 Tenda A15 UploadCfg stack-based overflow

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public an...

10CVSS6.5AI score0.03688EPSS
Exploits1References6
CVE
CVE
added 2026/03/23 1:30 a.m.20 views

CVE-2026-4567

CVE-2026-4567 affects Tenda A15 firmware 15.13.07.13. The vulnerability is a stack-based buffer overflow in the UploadCfg function (/cgi-bin/UploadCfg) triggered by manipulating the File argument, allowing remote exploitation. Public exploit information exists. Red Hat/EUVD/NVD references corrobo...

10CVSS8AI score0.03688EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder