Lucene search
K

369 matches found

Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35670

A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used...

5.3CVSS3.7AI score0.00263EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/07 2:0 a.m.26 views

CVE-2026-5719 itsourcecode Construction Management System borrowedtool.php sql injection

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may b...

6.5CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2026/04/02 7:0 p.m.10 views

CVE-2026-5420

CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...

2.5CVSS5AI score0.00099EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.6 views

CVE-2017-20223

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...

9.8CVSS5.8AI score0.00524EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Subscriptions for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.7AI score0.00463EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/01 9:32 a.m.30 views

CVE-2026-3388 Squirrel sqcompiler.cpp UnaryOP recursion

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

4.8CVSS0.00166EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.7 views

CVE-2026-26937

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

7.5CVSS5.9AI score0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 5:3 p.m.4 views

CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 1:17 p.m.3 views

SUSE-SU-2026:20592-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

7.5CVSS7.2AI score0.00635EPSS
Exploits2References6
CVE
CVE
added 2026/02/19 12:2 a.m.31 views

CVE-2026-2686

CVE-2026-2686 affects SECCN Dingcheng G10 3.1.0.181203. The vulnerability is in the function qq of the file /cgi-bin/session_login.cgi, where manipulating the User parameter leads to remote OS command injection. Public PoC/exploit details exist; exploitation is possible remotely and has been disc...

10CVSS5.4AI score0.02276EPSS
Exploits0References5
NVD
NVD
added 2026/02/16 2:16 a.m.10 views

CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

9.8CVSS0.0674EPSS
Exploits1References4
Veracode
Veracode
added 2026/02/11 9:25 a.m.7 views

Prototype Pollution

Locutus is vulnerable to prototype pollution. The vulnerability is due to improper validation of user input that fails to fully prevent manipulation of Object.prototype through crafted inputs leveraging String.prototype, which allows an attacker to pollute the prototype chain and potentially alte...

9.4CVSS5.5AI score0.00261EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.3 views

Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16503)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16503 advisory. - Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue...

9.1CVSS5.6AI score0.0047EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.7 views

CVE-2026-2173

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...

9.8CVSS5.5AI score0.00312EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.3 views

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.16 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16502)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16502 advisory. - Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects...

9.1CVSS6.5AI score0.00651EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/01/19 1:35 a.m.6 views

xfig: xfig: Stack-overflow allows possible code execution via local input manipulation

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

7.8CVSS6AI score0.00249EPSS
Exploits1References5
NVD
NVD
added 2026/01/16 12:16 a.m.7 views

CVE-2021-47791

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's...

7.5CVSS0.00467EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/01/15 1:11 p.m.11 views

xfig: xfig: Stack-overflow allows possible code execution via local input manipulation

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

7.8CVSS6AI score0.00249EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/01/15 12:56 p.m.8 views

xfig: xfig: Stack-overflow allows possible code execution via local input manipulation

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

7.8CVSS6AI score0.00249EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/01/15 12:28 p.m.7 views

xfig: xfig: Stack-overflow allows possible code execution via local input manipulation

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

7.8CVSS6AI score0.00249EPSS
Exploits1References5
Rows per page
Query Builder