Lucene search
K

32 matches found

CVE
CVE
added 2026/01/29 12:2 a.m.14 views

CVE-2026-1552

CVE-2026-1552 affects SEMCMS 5.0, with vulnerability in unknown code of the file /SEMCMS_Info.php. The issue arises from manipulating the argument searchml, leading to a SQL injection that can be leveraged remotely. Public exploit information has been disclosed, and the vendor was contacted but d...

9.8CVSS5.7AI score0.00343EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/30 10:41 p.m.3 views

CVE-2025-15114 Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability

Ksenia Security lares legacy model Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system...

9.8CVSS5.5AI score0.00505EPSS
Exploits1References2
OSV
OSV
added 2025/11/11 7:44 a.m.3 views

MAL-2025-108230 Malicious code in rubber_hummingbird-silentdev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b020eb8d0af2775ea48b8de006f268535de12d86a8a3a55c5744e908050f33d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:16 a.m.1 views

Malicious code in nina-keripik56-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2b96ab87e4d68128060fa8c232964715f451f9e71b9c3c201e76132b08249b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-2456

Malware in sbrugna...

5CVSS6.4AI score0.08538EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-18111

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/13 2:2 a.m.8 views

CVE-2025-10332 cdevroe unmark info.php cross site scripting

A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...

5.1CVSS0.00244EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/28 10:2 p.m.3 views

CVE-2025-9592 itsourcecode Apartment Management System bill_info.php sql injection

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/billinfo.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...

7.5CVSS6.7AI score0.00465EPSS
Exploits1References5
CVE
CVE
added 2025/08/27 4:32 a.m.24 views

CVE-2025-9509

CVE-2025-9509 affects itsourcecode Apartment Management System 1.0. The flaw is a SQL injection in the /report/fair_info_all.php file, triggered by manipulating the fid parameter. Based on connected sources, the issue can be exploited remotely and an exploit has been publicly released. Impact is ...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/27 4:2 a.m.3 views

CVE-2025-9507 itsourcecode Apartment Management System visitor_info.php sql injection

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitorinfo.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to th...

7.5CVSS7.4AI score0.00387EPSS
Exploits1References5
OSV
OSV
added 2025/07/12 12:15 p.m.3 views

CVE-2020-36848

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.01095EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/05/22 12:42 a.m.7 views

CVE-2011-3789

phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/incscript/frontendrender/disabled/majonavi.php and certain other files...

5CVSS6.5AI score0.01229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:4 p.m.7 views

CVE-2006-6680

Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file...

4.6CVSS6.6AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.4 views

Macro-Video V380 安全漏洞

Macro-Video V380 is an IP camera from Macro-Video. A security vulnerability exists in Macro-Video V380 version 1020302, which originates in the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/userinfo.ini components could lead to the execution of arbitrary code...

2.6CVSS6.8AI score0.0026EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/04/03 12:37 a.m.26 views

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...

6.7CVSS6.5AI score0.00498EPSS
Exploits2References3
CVE
CVE
added 2025/01/03 12:0 a.m.137 views

CVE-2025-22275

CVE-2025-22275 affects iTerm2 3.5.6–3.5.10; a vulnerability allows remote attackers to obtain sensitive information from terminal commands by reading /tmp/framer.txt during remote logins with certain it2ssh/SSH Integration configurations (noted when hosts share a Python installation). Root cause ...

9.3CVSS7AI score0.00499EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/02/10 12:0 a.m.7 views

Linksys WRT54GL Security Breach

The Linksys WRT54GL is a wireless router from Linksys, USA. A security vulnerability exists in Linksys WRT54GL version 4.30.18, which originates from an information disclosure vulnerability in the file /SysInfo1.htm...

4.3CVSS6.2AI score0.00478EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.2 views

Hospital Management System SQL注入漏洞

Hospital Management Center is a web system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. hospital Management Center is vulnerable to a SQL injection vulnerability that originates in an unknown function in the file patient-info.php Lack ...

9.8CVSS7.9AI score0.00494EPSS
Exploits1References4
0day.today
0day.today
added 2021/10/07 12:0 a.m.272 views

Online Traffic Offense Management System 1.0 - Multiple Remote Code Execution Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.2AI score
Exploits0
CNNVD
CNNVD
added 2021/06/16 12:0 a.m.4 views

Enphase Envoy 信任管理问题漏洞

The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. The Enphase Energy Envoy has a trust management issue vulnerability that stems from the installer and Enphase accounts having hard-coded web panel login passwords, which are hard-coded values...

5.3CVSS5.6AI score0.01603EPSS
Exploits1References3
Rows per page
Query Builder