Lucene search
K

73 matches found

CVE
CVE
added 2026/06/15 1:30 a.m.21 views

CVE-2026-12206

Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 12:31 a.m.12 views

EUVD-2026-36669

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:0 p.m.7 views

CVE-2026-11531

A security flaw has been discovered in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/adminlogin.php of the component Administrator Login Endpoint. Performing a manipulation of the argument ausr/apwd results in s...

7.5CVSS5.3AI score0.00328EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.9 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS8.1AI score0.00481EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 2:16 a.m.12 views

CVE-2026-9520

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS0.00336EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/25 12:30 a.m.15 views

EUVD-2026-31612

A vulnerability has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization. It is possible to launc...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-42981

A vulnerability has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization. It is possible to launc...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 12:13 p.m.10 views

EUVD-2025-209906

Cross-Site request forgery CSRF vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8CVSS5.8AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 3:0 a.m.56 views

CVE-2026-8786 Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

6.5CVSS0.00269EPSS
Exploits1References4
CVE
CVE
added 2026/05/05 12:30 p.m.20 views

CVE-2026-7833

CVE-2026-7833 affects EFM ipTIME C200 firmware up to 1.092. The vulnerability lies in the function sub_408F90 of /cgi/iux_set.cgi (ApplyRestore Endpoint), where improper handling of the RestoreFile argument enables remote command injection. Impact includes high risk to confidentiality, integrity,...

8.6CVSS6.7AI score0.02336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 12:15 p.m.6 views

CVE-2026-7695 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform elecMaxMinAvgValue sql injection

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References4
OSV
OSV
added 2026/04/27 9:31 p.m.7 views

GHSA-H7XC-4MV8-59FJ mcp-url-downloader has a Server-Side Request Forgery issue

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.3CVSS6.7AI score0.00294EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.32 views

PT-2026-35273

Name of the Vulnerable Software and Affected Versions choieastsea simple-openstack-mcp versions prior to 767b2f4a8154cca344344b9725537a58399e6036 Description An OS command injection flaw exists that allows remote attackers to execute arbitrary commands. The issue is located within the exec...

7.5CVSS7.8AI score0.01338EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/17 3:31 p.m.3 views

EUVD-2026-23425

A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.7 views

PT-2026-33456

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...

6.9CVSS5.4AI score0.00384EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30584

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem...

6.9CVSS5.8AI score0.00489EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/05 2:0 a.m.2 views

CVE-2026-5535

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

5.3CVSS5.4AI score0.00528EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30409

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service url of the file JudgeServer.service url of the component judge server heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack...

6.5CVSS5.6AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/03 9:30 a.m.5 views

EUVD-2026-18605

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

4.8CVSS5.5AI score0.00105EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/01 6:31 a.m.3 views

EUVD-2026-17773

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.4AI score0.00273EPSS
Exploits1References5
Rows per page
Query Builder