Lucene search
+L

8 matches found

nvd
nvd
added 2026/07/04 4:17 p.m.9 views

CVE-2026-14633

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...

5.3CVSS0.00288EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.11 views

PT-2026-55709

Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions prior to 49b20f53de2b7ec34e920b11c863f1491d911a04 Description A cross site scripting issue exists in the Hidden REST API Endpoint component. A remote attacker can exploit this by manipulatin...

5.3CVSS5.3AI score0.00288EPSS
Exploits0References13
osv
osv
added 2026/07/02 12:0 a.m.4 views

MAL-2026-6784 Malicious code in @marketfront/livestreampreviewpopup (npm)

The @marketfront/livestreampreviewpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...

6.2AI score
Exploits0References2
osv
osv
added 2026/06/11 5:10 a.m.20 views

MAL-2026-5577 Malicious code in web-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b1d78cd3ff0c5eeead299eb670d299590b48a453c9416ae2a692bc4173737c Requiring web-pool triggers middleware to spawn a detached node lib/initializeCaller.js. That script base64-decodes a hardcoded endpoint...

6.5AI score
Exploits0References2
redhatcve
redhatcve
added 2025/12/10 9:16 p.m.6 views

CVE-2021-47731

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

9.3CVSS7.1AI score0.00454EPSS
Exploits1References1
packetstorm
packetstorm
added 2025/07/29 12:0 a.m.147 views

📄 Xorux XorMon-NG 1.8 Information Disclosure

Xorux XorMon-NG versions 1.8 and below has an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

5.3CVSS6.2AI score0.06894EPSS
Exploits2
osv
osv
added 2023/05/03 3:15 p.m.6 views

CVE-2023-29240

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.4CVSS6.2AI score0.00405EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/01/21 12:0 a.m.6 views

F5 Nginx 跨站脚本漏洞

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINIX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

5.5CVSS5.8AI score0.0053EPSS
Exploits0References3
Rows per page
Query Builder