Lucene search
+L

5361 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

6AI score0.00281EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

6AI score0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

5.9AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2026/02/20 12:0 a.m.15 views

CVE-2026-26724

CVE-2026-26724 affects Key Systems Inc Global Facilities Management Software v. 20230721a. A Cross Site Scripting flaw allows a remote attacker to run arbitrary code by supplying crafted values to the selectgroup and gn parameters on the Groups endpoint (described as /?Function=Groups in sources;...

7.6CVSS6.1AI score0.00281EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/02/20 12:0 a.m.14 views

CVE-2026-26722

CVE-2026-26722 affects Key Systems Inc Global Facilities Management Software v.20230721a. A remote attacker can escalate privileges through the PIN component of the login functionality. Documents consistently indicate privilege escalation as the impact; CVSSv3.1 vectors imply Network access, Low ...

9.4CVSS5.6AI score0.00333EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.11 views

Blossom 路径遍历漏洞

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom prior to 1.17.1 contained a path traversal vulnerability. This vulnerability stemmed from improper path handling in the file upload component, which could lead to path traversal attacks...

8.8CVSS6.6AI score0.00632EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/16 1:25 p.m.6 views

CVE-2025-32058

The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code...

9.3CVSS6.4AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/02/16 7:17 a.m.6 views

CVE-2026-2543

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

5.1CVSS0.00271EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/16 7:2 a.m.3 views

CVE-2026-2543

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

5.1CVSS5.3AI score0.00271EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.34 views

vichan 授权问题漏洞

Vichan is an open-source PHP image panel developed by vichan-devel. Versions of Vichan 5.1.5 and earlier have a vulnerability related to authorization issues. This vulnerability stems from the handling of the Password parameter by the Password Change Handler component in the inc/mod/pages.php fil...

5.1CVSS5.9AI score0.00271EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/15 10:44 a.m.3 views

CVE-2025-32058 Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU

The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code...

9.3CVSS6.3AI score0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/02/15 10:44 a.m.101 views

CVE-2025-32058

Summary: CVE-2025-32058 affects Bosch Infotainment ECU using a RH850 module for CAN communication. A vulnerability in processing requests for a custom protocol over the INC interface (on the RH850 side) can let an attacker who already has code execution on the infotainment main SoC execute code o...

9.3CVSS6.3AI score0.00159EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.15 views

CVE-2026-1618

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

8.8CVSS5.4AI score0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/02/13 2:16 p.m.5 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

8.8CVSS0.00361EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/13 1:20 p.m.3 views

CVE-2026-1619

Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

8.3CVSS5.4AI score0.00297EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.13 views

PT-2026-7990

Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description An authorization bypass exists in FlexCity/Kiosk due to exploitation of trusted identifiers through a user-controlled key. This allows unauthorized access...

8.3CVSS5.4AI score0.00297EPSS
Exploits0References5
CVE
CVE
added 2026/02/03 10:9 p.m.18 views

CVE-2020-37084

CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...

8.6CVSS6.9AI score0.00814EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/03 10:9 p.m.28 views

CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

8.6CVSS0.00814EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Arox School ERP Pro 代码问题漏洞

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of Arox School ERP Pro has a code vulnerability. This vulnerability stems from improper file validation in the pre-editstudent.inc.php file. It allows authenticated administrator users to...

8.6CVSS6.1AI score0.00814EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/01/26 6:56 p.m.11 views

WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Image Caption vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions = 3.0.1...

4.4CVSS5.9AI score0.00207EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder