
124 matches found

CNNVD
added 2026/03/16 12:0 a.m., 6 views

flow-core-x code issue vulnerability

flow-core-x is a simple and powerful open-source continuous integration and deployment server from flow.ci. flow-core-x versions 1.23.01 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the Save function in the ConfigServiceImpl.java file within the SMTP Host...

CVSS 6.5, AI score 6.7, EPSS 0.00201
Exploits 0, References 4

NVD
added 2026/03/13 7:53 p.m., 8 views

CVE-2025-13778

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVSS 7.1, EPSS 0.00274
Exploits 0, References 1

NVD
added 2026/03/08 3:15 p.m., 7 views

CVE-2026-3743

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVSS 5.4, EPSS 0.00196
Exploits 1, References 4

ATTACKERKB
added 2026/03/08 3:2 p.m., 3 views

CVE-2026-3743

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVSS 5.1, AI score 4.2, EPSS 0.00196
Exploits 1, References 4, Affected Software 1

OSV
added 2026/02/27 7:16 p.m., 3 views

CVE-2026-27754

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

CVSS 6.5, AI score 5.8, EPSS 0.00116
Exploits 0, References 2

CNNVD
added 2026/02/27 12:0 a.m., 11 views

PSI Probe code issue vulnerability

PSI Probe is an open-source monitoring and management tool for Tomcat developed by Psi-Probe. Versions of PSI Probe 5.3.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from operations on the lookup function in the psi-probe-core/src/main/java/psiprobe/tools/Whois.java...

CVSS 8.8, AI score 6.7, EPSS 0.00362
Exploits 1, References 5

RedhatCVE
added 2026/02/24 7:30 a.m., 5 views

CVE-2026-2972

A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...

CVSS 5.4, AI score 2.9, EPSS 0.00259
Exploits 1, References 1

NVD
added 2026/02/22 8:15 a.m., 8 views

CVE-2026-2933

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/DadManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...

CVSS 4.8, EPSS 0.00198
Exploits 1, References 4

Cvelist
added 2026/02/22 7:32 a.m., 28 views

CVE-2026-2932 YiFang CMS Extended Management D_adPosition.php update cross site scripting

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/DadPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...

CVSS 4.8, EPSS 0.00218
Exploits 1, References 6

NVD
added 2026/02/16 2:16 p.m., 6 views

CVE-2026-2558

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVSS 6.5, EPSS 0.00201
Exploits 0, References 5

Cvelist
added 2026/01/19 6:32 a.m., 22 views

CVE-2026-1142 PHPGurukul News Portal cross-site request forgery

A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...

CVSS 5.3, EPSS 0.00197
Exploits 1, References 5

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-52868

Name of the Vulnerable Software and Affected Versions: Print Invoice & Delivery Notes for WooCommerce versions up to and including 5.8.0. Description: The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is susceptible to Remote Code Execution due to a missing capability check...

CVSS 9.8, AI score 7, EPSS 0.032
Exploits 0, References 18

EUVD
added 2025/11/30 6:30 p.m., 4 views

EUVD-2025-199935

A security flaw has been discovered in Qualitor 8.20/8.24. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. T...

CVSS 7.5, AI score 7.2, EPSS 0.00402
Exploits 0, References 5

CNNVD
added 2025/11/11 12:0 a.m., 5 views

Agnitum Outpost Security Suite security vulnerability

Agnitum Outpost Security Suite is an Internet security suite from the Russian company Agnitum. A security vulnerability exists in Agnitum Outpost Security Suite versions 7.5.3 and 7.6, which stems from a flaw in the lock function that could allow a local attacker to execute arbitrary code...

CVSS 7.7, AI score 6.9, EPSS 0.00187
Exploits 1, References 3

Positive Technologies
added 2025/10/27 12:0 a.m., 4 views

PT-2025-44058

Name of the Vulnerable Software and Affected Versions: Willow CMS versions prior to 1.4.1. Description: A flaw exists in Willow CMS that allows for unrestricted file uploads. This issue is present in a file located at /admin/images/add and involves an unknown function. Remote attackers can exploit...

CVSS 5.8, AI score 5.1, EPSS 0.0035
Exploits 1, References 9

CNNVD
added 2025/10/14 12:0 a.m., 5 views

Rockwell Automation FactoryTalk Linx security vulnerability

Rockwell Automation FactoryTalk Linx is a suite of industrial communication solutions from Rockwell Automation USA. The product is primarily used to communicate between small applications and large automation systems, among others. A security vulnerability exists in Rockwell Automation FactoryTal...

CVSS 8.5, AI score 6.5, EPSS 0.00166
Exploits 0, References 1

Cvelist
added 2025/10/10 8:2 p.m., 9 views

CVE-2025-11583 code-projects Online Job Search Engine postjob.php sql injection

A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVSS 7.5, EPSS 0.00379
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-2175

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.01886
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-16682

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.4, EPSS 0.00371
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-18242

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.0026
Exploits 0, References 3