Lucene search
+L

57 matches found

Cvelist
Cvelist
added 2026/07/09 9:7 a.m.33 views

CVE-2026-2342 XSS in Oceanicsoft's ValeApp

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

9.3CVSS0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 8:45 a.m.34 views

CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.15 views

PT-2026-49145

Name of the Vulnerable Software and Affected Versions Grit42 Grit versions prior to 0.11.0 Description A SQL injection issue exists in the GritEntityController component, specifically within the file modules/core/backend/app/controllers/concerns/grit/core/grit entity controller.rb. This flaw allo...

6.5CVSS6.9AI score0.00196EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.16 views

CVE-2026-9359

A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument...

6.5CVSS6.4AI score0.01398EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 2:45 a.m.12 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/05/24 7:15 a.m.27 views

CVE-2026-9363

CVE-2026-9363 affects Edimax EW-7438RPn firmware 1.12. The vulnerability resides in the POST Request Handler function formEZCHNwlanSetup (file /goform/formEZCHNwlanSetu), where argument manipulation enables remote command injection. Remote exploitation is possible; an exploit is public. The vendo...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/23 10:0 a.m.23 views

CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS0.01158EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:0 a.m.5 views

CVE-2026-6878

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

6.3CVSS4.9AI score0.00333EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/06 6:30 a.m.7 views

EUVD-2026-19164

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3CVSS5.4AI score0.00323EPSS
Exploits0References5
CVE
CVE
added 2026/04/05 5:30 p.m.14 views

CVE-2026-5585

Summary of CVE-2026-5585 : Tencent AI-Infra-Guard 4.0 contains a vulnerability in the Task Detail Endpoint, specifically an unknown function within the file common/websocket/task_manager.go. Manipulation of this element results in information disclosure. The attack may be initiated remotely and, ...

7.5CVSS5.6AI score0.00641EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30454

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function execute sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The explo...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/03/29 1:17 p.m.4 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS0.00663EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/27 10:3 p.m.2 views

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3CVSS5.5AI score0.00337EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 2:16 a.m.6 views

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

6.5CVSS0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:14 a.m.2 views

CVE-2026-4584

A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires ...

3.1CVSS5.3AI score0.00163EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/16 6:32 p.m.6 views

EUVD-2026-12468

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...

2.5CVSS4.9AI score0.00097EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25619

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

7.5CVSS6.6AI score0.00309EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/12 5:32 a.m.35 views

CVE-2026-3990 CesiumGS CesiumJS standalone.html cross site scripting

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00263EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/02/23 3:2 a.m.19 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.2AI score0.00218EPSS
Exploits1
NVD
NVD
added 2026/02/16 7:17 a.m.6 views

CVE-2026-2542

A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. Thi...

7.3CVSS0.00157EPSS
Exploits0References4
Rows per page
Query Builder