Lucene search
K

275 matches found

NVD
NVD
added yesterday3 views

CVE-2026-15428

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS
Exploits0References2
OSV
OSV
added 2 days ago2 views

CVE-2026-15524 alioshr memory-bank-mcp list-project-files-validation-factory.ts path traversal

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References8
CVE
CVE
added 2026/06/22 3:18 p.m.19 views

CVE-2026-11942

CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:5 a.m.7 views

BIT-GITLAB-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

3.7CVSS5.4AI score0.00158EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 12:16 p.m.16 views

CVE-2026-6976

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

3.7CVSS0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 10:20 a.m.10 views

CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

3.7CVSS5.5AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 8:16 p.m.11 views

CVE-2026-11583

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS0.00204EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/04 2:24 p.m.13 views

Regular Expression Denial of Service (ReDoS)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated into a regular...

7.5CVSS5.5AI score0.00622EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/27 9:54 p.m.15 views

CVE-2026-46402 Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

8.1CVSS5.8AI score0.00674EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.9 views

CVE-2018-25367

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom...

6.9CVSS6AI score0.00168EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.13 views

PT-2026-41549

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH...

8.6CVSS6.4AI score0.00138EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 4:16 p.m.23 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.14 views

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.8AI score0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 7:24 p.m.14 views

CVE-2018-25315

Alloksoft Video joiner 4.6.1217 contains a local buffer overflow vulnerability in the License Name input that can lead to arbitrary code execution via SEH overwrite when processing license registration. Affected component: License handling in the application; root cause: buffer overflow in licens...

8.6CVSS6.8AI score0.00163EPSS
Exploits0References4
CVE
CVE
added 2026/04/29 7:24 p.m.11 views

CVE-2018-25314

CVE-2018-25314 affects Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217, where a buffer overflow in the License Name field allows local attackers to execute arbitrary code via input containing shellcode with an SEH overwrite, potentially gaining application-privilege execution. The NVD/CVE r...

8.6CVSS6.3AI score0.00165EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/29 7:24 p.m.7 views

EUVD-2018-21835

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

8.6CVSS6.3AI score0.00165EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 10:16 p.m.5 views

CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 6:45 p.m.6 views

EUVD-2026-26147

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

4.8CVSS3.1AI score0.00202EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 6:30 p.m.5 views

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS3.4AI score0.00202EPSS
Exploits0References5
NVD
NVD
added 2026/04/26 10:17 p.m.5 views

CVE-2018-25292

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an...

6.9CVSS0.00137EPSS
Exploits0References4
Rows per page
Query Builder