Lucene search
K

71 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.13 views

CVE-2026-6497

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forgery...

6.5CVSS6.2AI score0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 6:15 p.m.12 views

CVE-2026-9481

A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was...

9CVSS7.8AI score0.00589EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/11 12:16 a.m.14 views

CVE-2026-8255

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/addnewcustomer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...

4.8CVSS0.00202EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 12:30 a.m.4 views

EUVD-2026-23723

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function updateorganisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

5.5CVSS5.3AI score0.003EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/17 12:31 a.m.4 views

EUVD-2026-12531

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:32 p.m.4 views

CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

6.5CVSS5.5AI score0.00228EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/17 7:24 p.m.9 views

CVE-2026-2565

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument timezone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high...

7.5CVSS6AI score0.00751EPSS
Exploits1References1
OSV
OSV
added 2025/11/23 9:15 a.m.6 views

CVE-2025-13544

A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customerregister.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee...

9.8CVSS5.5AI score0.00337EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/13 12:30 a.m.7 views

EUVD-2025-33914

A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out remotely. The exploit ha...

9CVSS6.4AI score0.00772EPSS
Exploits1References6
OSV
OSV
added 2025/10/12 2:15 p.m.6 views

CVE-2025-11635

A weakness has been identified in Tomofun Furbo 360 up to FB0035FW036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did n...

6.5CVSS5.5AI score0.00418EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-20133

Malicious code in bioql PyPI...

9CVSS8.8AI score0.00884EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.8 views

CVE-2025-9531

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument codagenda results in sql injection. It is possible to initiate the attack remotely. The exploit...

8.8CVSS6.6AI score0.00368EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/05 12:0 a.m.9 views

PT-2025-31901 · Portabilis · I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.10 Description: A cross-site scripting issue exists due to the manipulation of the nm motivo argument in the file /intranet/educar motivo afastamento cad.php. The attack can be launched remotely. The exploit has...

4.8CVSS3.8AI score0.00304EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/07/20 12:0 a.m.7 views

PT-2025-30186 · Eluktronics · Eluktronics Control Center

Name of the Vulnerable Software and Affected Versions: Eluktronics Control Center version 5.23.51.41 Description: A problematic issue exists within the REG File Handler component of the software due to insufficient verification of data authenticity. This can be exploited on the local host. The...

4.8CVSS3.5AI score0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/06/01 6:31 p.m.19 views

CVE-2025-5406 chaitak-gorai Blogbook posts.php unrestricted upload

A vulnerability, which was classified as critical, was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. Affected is an unknown function of the file /admin/posts.php?source=addpost. The manipulation of the argument image leads to unrestricted upload. It is possible t...

6.5CVSS0.00385EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/27 3:31 p.m.23 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8CVSS7AI score0.00563EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:41 a.m.15 views

CVE-2023-5702

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...

6.5CVSS6.6AI score0.14537EPSS
Exploits3References1
OSV
OSV
added 2025/04/30 10:15 p.m.4 views

CVE-2025-4140

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure...

9.8CVSS7.7AI score0.00968EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/28 7:0 p.m.35 views

CVE-2025-2922 Netis WF-2404 BusyBox Shell cleartext storage

A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical...

2CVSS0.00125EPSS
Exploits0References4
NVD
NVD
added 2025/03/25 1:15 a.m.16 views

CVE-2025-2723

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the call is invalid as the buffer pointed to by "data" must have...

Exploits0
Rows per page
Query Builder