Lucene search
K

368 matches found

Nuclei
Nuclei
added 2 days ago69 views

SuperWebmailer 7.21.0.01526 - Remote Code Execution

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection. id: CVE-2020-11546 info: name: SuperWebmailer...

9.8CVSS7.6AI score0.3173EPSS
Exploits1References5
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42840

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.25 views

CVE-2018-25379 Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the parameter “lang” in the function...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
NVD
NVD
added 2026/05/13 1:16 p.m.12 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS0.00207EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:2 p.m.62 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:2 p.m.23 views

CVE-2026-42950

The CVE-2026-42950 entry concerns ELECOM wireless LAN access point devices where the language parameter can be given an inappropriate value. The underlying issue may cause the admin page in the user’s web browser to become broken if a logged-in user visits a malicious page. Documented impact is b...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:2 p.m.7 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

ELECOM WAB 代码问题漏洞

ELECOM WAB is a series of wireless access points produced by the ELECOM company in Japan. ELECOM WAB has a code vulnerability that stems from the lack of checking whether the language parameter has an appropriate value. This vulnerability may cause administrator pages to be displayed incorrectly ...

5.1CVSS6.2AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40600

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 3:41 p.m.3 views

CVE-2026-41885 Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 3:38 p.m.17 views

CVE-2026-41693

CVE-2026-41693 affects i18next-fs-backend

8.2CVSS5.8AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 3:29 p.m.7 views

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

8.2CVSS5.7AI score0.00387EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:29 p.m.19 views

CVE-2026-42353

CVE-2026-42353 affects i18next-http-middleware prior to 3.9.3. User-controlled lng and ns values flow from getResourcesHandler directly into i18next.services.backendConnector.load, and depending on the configured backend this can enable path traversal or SSRF. Public advisories (GHSA-jfgf-83c5-2c...

8.2CVSS5.7AI score0.00387EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:29 p.m.4 views

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

8.2CVSS7.1AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 3:24 p.m.3 views

CVE-2026-41690 Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters

18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that...

8.6CVSS6AI score0.0031EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 6:16 p.m.8 views

CVE-2026-7588

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

6.9CVSS0.00449EPSS
Exploits0References5
CVE
CVE
added 2026/05/01 5:45 p.m.17 views

CVE-2026-7588

Summary (CVE-2026-7588) : In the ggerve coding-standards-mcp project, the vulnerability affects the get_style_guide/get_best_practices function in server.py. The issue arises from manipulating the Language argument, which enables a path traversal condition. This can be exploited remotely over a n...

6.9CVSS5.8AI score0.00449EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Coding Standards MCP Server 路径遍历漏洞

Coding Standards MCP Server is a coding specifications and best practices query tool for gerve individual developers. A path traversal vulnerability exists in Coding Standards MCP Server, which stems from a misbehavior of the getstyleguide/getbestpractices function with the parameter Language in...

6.9CVSS6AI score0.00449EPSS
Exploits0References1
Rows per page
Query Builder