
72733 matches found

CNNVD
added 2026/03/26 12:0 a.m. | 11 views

Wecodex SAT CFDI SQL Injection Vulnerability

Wecodex SAT CFDI is an electronic invoice generation and management system developed by Wecodex Corporation. Version 3.3 of Wecodex SAT CFDI contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter. This vulnerability may lead to SQL injection...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00245
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/26 12:0 a.m. | 4 views

PT-2026-28523

Name of the Vulnerable Software and Affected Versions: BentoML versions prior to 1.4.37. Description: BentoML is a Python library used for building online serving systems for AI applications and model inference. A flaw exists where the docker.system packages field within the bentofile.yaml file does...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00257
Exploits: 1 | References: 13
Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28295

Name of the Vulnerable Software and Affected Versions: HCL Aftermarket DPC, affected versions not specified. Description: The software suffers from Improper Input Validation, enabling an attacker to inject executable code. This could lead to attacks such as Cross-Site Scripting (XSS), SQL Injection, an...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00997
Exploits: 0 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 9 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00445
Exploits: 1 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 11 views

WebOfisi E-Ticaret Cross-Site Scripting Vulnerability

WebOfisi E-Ticaret is an e-commerce website building and management system provided by the Turkish company WebOfisi. Version 4.0 of WebOfisi E-Ticaret has a cross-site scripting vulnerability, which stems from insufficient input validation for the “product” parameter. This vulnerability may lead ...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00271
Exploits: 1 | References: 4
CNNVD
added 2026/03/26 12:0 a.m. | 4 views

Ory polis Input Validation Error Vulnerability

Ory Polis is an open-source enterprise single-sign-on and directory synchronization solution developed by Ory. Versions of Ory Polis prior to 26.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper trust in URL parameters with the callbackUrl...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00428
Exploits: 1 | References: 2
CNNVD
added 2026/03/26 12:0 a.m. | 6 views

Wecodex Online Store System CMS SQL Injection Vulnerability

Wecodex Online Store System CMS is a content management system for online stores developed by Wecodex. Version 1.0 of the Wecodex Online Store System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of email parameter inputs, which may lead to SQL...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00334
Exploits: 0 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 5 views

polkit Security Vulnerability

Polkit is a component in Unix-like operating systems that controls system-wide permissions. It enables communication between processes with different priority levels by defining and auditing permission rules. Polkit has a security vulnerability, which stems from insufficient input validation for...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00131
Exploits: 0 | References: 2
Packet Storm
added 2026/03/26 12:0 a.m. | 110 views

OpenEMR 8.0.0.2 SQL Injection

OpenEMR version 8.0.0.2 contains a remote SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. CVE-2026-33910 - SQL Injection Vulnerability in...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00427
Exploits: 2
CNNVD
added 2026/03/26 12:0 a.m. | 9 views

HCL Aftermarket DPC Security Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00997
Exploits: 0 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 9 views

TP-LINK TL-WR841N Security Vulnerability

The TP-LINK TL-WR841N is a wireless router produced by TP-LINK Corporation. Versions of the TP-LINK TL-WR841N prior to v14 EN0.9.1 4.19 Build 260303 Rel.42399n V14260303 and US0.9.1.4.19 Build 260312 Rel.49108n V140304 contained security vulnerabilities. These vulnerabilities were caused by...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00355
Exploits: 0 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 11 views

Squid Security Vulnerability

Squid is a set of open-source proxy servers and web caching servers developed by Squid. This software provides features such as caching the World Wide Web, filtering traffic, and proxy access. Versions of Squid prior to 7.5 contained security vulnerabilities, which were caused by improper input...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.01039
Exploits: 0 | References: 6
Tenable Nessus
added 2026/03/26 12:0 a.m. | 5 views

NetScaler ADC and NetScaler Gateway Memory Overread (CTX696300 / CVE-2026-3055)

The remote NetScaler ADC formerly Citrix ADC or NetScaler Gateway formerly Citrix Gateway device is version 14.1 prior to 14.1-60.58, 13.1 prior to 13.1-62.23, or 13.1-FIPS/NDcPP prior to 13.1-37.262. It is, therefore, affected by a vulnerability: - Insufficient input validation in NetScaler ADC...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.83996
Exploits: 7 | References: 2
EUVD
added 2026/03/25 11:31 p.m. | 6 views

EUVD-2026-16032

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00445
Exploits: 1 | References: 3
Snyk
added 2026/03/25 9:12 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. An attacker can cause excessive CPU consumption and block the event loop by supplying crafted extglob patterns that trigger catastrophic backtracking i...

CVSS: 8.7 | AI score: 5.7 | EPSS: 0.00412
Exploits: 0 | References: 2
OSV
added 2026/03/25 6:47 p.m. | 5 views

CVE-2026-33751 n8n Vulnerable to LDAP Filter Injection in LDAP Node

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00245
Exploits: 0 | References: 3
EUVD
added 2026/03/25 6:31 p.m. | 7 views

EUVD-2026-15921

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OOPSpam Team OOPSpam Anti-Spam (oopspam-anti-spam) allows Stored XSS. This issue affects OOPSpam Anti-Spam: from n/a through <= 1.2.62...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00142
Exploits: 0 | References: 2
EUVD
added 2026/03/25 6:31 p.m. | 6 views

EUVD-2026-15937

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00478
Exploits: 0 | References: 4
EUVD
added 2026/03/25 6:31 p.m. | 4 views

EUVD-2026-15804

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00276
Exploits: 0 | References: 4
EUVD
added 2026/03/25 6:31 p.m. | 3 views

EUVD-2026-15575

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer (cardealer) allows Reflected XSS. This issue affects Car Dealer: from n/a through <= 1.6.7...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | References: 2