Lucene search
+L

1091 matches found

Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.10 views

PT-2026-35266

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

6.8CVSS5.7AI score0.00128EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

6.9CVSS7.1AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.12 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

6.9CVSS7.2AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.12 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

8.2CVSS7.1AI score0.00209EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/04/18 12:55 p.m.39 views

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

6.3AI score
Exploits0
CVE
CVE
added 2026/04/14 12:0 a.m.9 views

CVE-2025-65132

The CVE-2025-65132 entry corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in alandsilva26/hotel-management-php 1.0. The affected component is the admin-facing edit_room.php, where an attacker can inject and execute arbitrary JavaScript through the room_id GET parameter. This is...

6.1CVSS6AI score0.00181EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 5:27 p.m.3 views

EUVD-2026-19808

ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is directly inserted into SQL queries without proper sanitization. The mysqlirealescapestring function does not escape...

8.8CVSS6.1AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.7 views

CVE-2026-26027

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

7.5CVSS5.9AI score0.00191EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/06 3:17 p.m.9 views

CVE-2026-29047

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

8.8CVSS5.9AI score0.00388EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/06 3:17 p.m.9 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS5.9AI score0.0028EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/06 2:35 p.m.5 views

EUVD-2026-19247

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

7.5CVSS5.9AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 2:31 p.m.6 views

EUVD-2026-19245

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS5.9AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 2:31 p.m.3 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS5.9AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.14 views

QNAP Systems QuNetSwitch 操作系统命令注入漏洞

QNAP Systems QuNetSwitch is a network management software developed by QNAP Systems, a company based in Taiwan, China. It provides centralized switch management and network configuration monitoring capabilities. Previous versions of QNAP Systems QuNetSwitch, including 2.0.4.0415, had a...

9.8CVSS6.1AI score0.01061EPSS
Exploits0References1
OSV
OSV
added 2026/03/17 11:16 p.m.11 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.9AI score0.00292EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 8:16 p.m.5 views

UBUNTU-CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.9 views

Trane多款产品 加密问题漏洞

Trane Tracer SC, among others, are products of the American company Trane. Trane Tracer SC is a building controller for monitoring and automation management. Trane Tracer SC+ is also a building controller for monitoring and automation management. Trane Tracer Concierge is a building management...

9.8CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.11 views

SourceCodester Pet Grooming Management Software 授权问题漏洞

SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software has a vulnerability related to authorization issues. This vulnerability stems from the operation of the user...

6.5CVSS6.6AI score0.00254EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

Sz-Admin 代码问题漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters in the files/download file and API, particularly the url...

3.1CVSS5.9AI score0.00212EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

Sz-Admin 代码问题漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect operations with files/api/admin/sys-file/upload, which could lead to unlimited...

9.8CVSS6.6AI score0.00307EPSS
Exploits1References8
Rows per page
Query Builder