Lucene search
+L

557 matches found

Debian CVE
Debian CVE
added 2026/05/04 12:0 a.m.10 views

CVE-2026-37458

Missing input validation in the MPREACHNLRI component of FRRouting FRR stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service DoS via supplying a crafted UPDATE message...

6.5CVSS5.8AI score0.00249EPSS
Exploits0
CNVD
CNVD
added 2026/04/24 12:0 a.m.11 views

TOTOLINK A3300R pppoeMtu Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...

6.5CVSS6AI score0.00279EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunuser parameter, which originates from the failure of the stunuser parameter in the cstecgi.cgi file to properly validate user input, and can be exploite...

6.5CVSS6AI score0.00279EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/15 4:11 p.m.33 views

CVE-2026-20061 Cisco Unity Connection SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

4.3CVSS0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.6 views

CVE-2026-5493

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in...

7.8CVSS6.2AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.3 views

CVE-2025-50648

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...

6AI score0.00516EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 12:0 a.m.3 views

CVE-2025-57834

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...

10CVSS5.8AI score0.0052EPSS
Exploits1References3
NVD
NVD
added 2026/04/01 5:28 p.m.12 views

CVE-2026-20097

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS0.00549EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 9:3 a.m.55 views

CVE-2026-23898

Joomla! Core (com_joomlaupdate) is affected by an arbitrary file deletion vulnerability due to lack of input validation in the autoupdate server mechanism. The issue is documented across multiple sources (e.g., CVE-2026-23898, JOOMLA-1031, BIT-JOOMLA-2026-23898) and is tied to Joomla core updates...

8.6CVSS6AI score0.00454EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 9:3 a.m.36 views

CVE-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

8.6CVSS0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:1 a.m.5 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8CVSS6.1AI score0.01659EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.10 views

IBM Storage Protect Server SQL注入漏洞

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

8.8CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS.This issue affects OOPSpam Anti-Spam: from n/a through = 1.2.62...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 11:38 p.m.3 views

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/23 6:30 p.m.3 views

EUVD-2026-14461

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

6.3AI score0.02502EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/03/23 3:26 p.m.3 views

gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

7.8CVSS6AI score0.00566EPSS
Exploits0References6
CVE
CVE
added 2026/03/23 5:29 a.m.16 views

CVE-2025-10679

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More WordPress plugin (up to v2.2.12) is vulnerable due to insufficient input validation in the bulkTenReviews function, allowing user-controlled data to be passed to a variable function call ...

7.3CVSS6.6AI score0.00447EPSS
Exploits0References5
NVD
NVD
added 2026/03/13 7:53 p.m.12 views

CVE-2026-1668

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.An unauthenticated attacker with networ...

9.8CVSS0.00969EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:31 p.m.2 views

CVE-2026-20117

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability exists because the web-based management interfa...

6.1CVSS6AI score0.00207EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder