
11 matches found

OSV
added 2026/06/22 6:16 p.m., 4 views

DEBIAN-CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, `parse_options_header` parsed Content-Disposition and Content-Type headers with `email.message.Message`, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax `filename*=charset'lang'value`, `name*=...`,...

CVSS 5.3, AI score 5.9, EPSS 0.00177
Exploits: 0, References: 1
Vulnrichment
added 2026/05/07 3:16 a.m., 8 views

CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...

CVSS 9.1, AI score 5.7, EPSS 0.00331
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/02 5:29 a.m., 3 views

CVE-2026-5110

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

CVSS 7.2, AI score 6, EPSS 0.00247
Exploits: 0, References: 3
Positive Technologies
added 2026/03/05 12:0 a.m., 5 views

PT-2026-23121

Name of the Vulnerable Software and Affected Versions: IDC SFX2100 Satellite Receiver (affected versions not specified). Description: The device sets the /etc/resolv.conf file to be world-writable, allowing any local user to modify DNS configuration. This can lead to DNS resolver tampering, potentiall...

CVSS 7.1, AI score 5.8, EPSS 0.00106
Exploits: 1, References: 6
CNNVD
added 2026/03/05 12:0 a.m., 4 views

International Datacasting SFX2100 SuperFlex Satellite Receiver security vulnerability

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has security vulnerabilities; these vulnerabilities stem from the...

CVSS 7.1, AI score 5.8, EPSS 0.00106
Exploits: 1, References: 1
Positive Technologies
added 2026/01/15 12:0 a.m., 7 views

PT-2026-5232

Name of the Vulnerable Software and Affected Versions: Totolink A7000R version 4.1cu.4154. Description: A flaw exists in the setUnloadUserData function within the /cgi-bin/cstecgi.cgi file of the affected product. Manipulation of the plugin name argument can lead to command injection. This allows fo...

CVSS 9.8, AI score 6.7, EPSS 0.02769
Exploits: 1, References: 12
NVD
added 2025/11/19 6:15 p.m., 4 views

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

CVSS 6.5, EPSS 0.00221
Exploits: 1, References: 2
CNNVD
added 2025/08/31 12:0 a.m., 4 views

O2OA security vulnerability

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias in the file...

CVSS 5.4, AI score 4.3, EPSS 0.00301
Exploits: 1, References: 7
Snyk
added 2025/03/20 12:32 p.m., 5 views

Directory Traversal

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting filepath to escape the intended...

CVSS 7.2, AI score 7.3, EPSS 0.02458
Exploits: 1, References: 2
OSV
added 2023/07/24 2:15 p.m., 5 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

CVSS 8.8, AI score 5.8, EPSS 0.00859
Exploits: 1, References: 2
CNNVD
added 2023/04/09 12:0 a.m., 4 views

Bank Locker Management System SQL injection vulnerability

Bank Locker Management System is a bank locker management system. A SQL injection vulnerability exists in PHPGurukul Bank Locker Management System version 1.0, which stems from a problem with the file recovery.php, where manipulation of the parameter uname/mobile can lead to SQL injection...

CVSS 9.1, AI score 7.6, EPSS 0.01019
Exploits: 1, References: 4