Lucene search
K

17 matches found

CNNVD
CNNVD
added 2026/03/02 12:0 a.m.6 views

Tenda AC15 安全漏洞

The Tenda AC15 is a wireless router produced by the Chinese company Tenda. The Tenda AC15V1.0 V15.03.05.18multi version has a security vulnerability. This vulnerability stems from the lack of checking for the v1 parameter in the goform/formsetUsbUnload function, which may lead to command injectio...

9.8CVSS5.8AI score0.01704EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/23 1:30 p.m.4 views

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

JeeWMS 安全漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 1.0 of JEEWMS has a security vulnerability, which stems from the id1 and id2 parameters in the /systemControl.do interface, making them vulnerable to SQL injection attacks...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.14 views

CVE-2026-1042

The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'digitone' and 'digittwo' parameters in all versions up to, and including, 1.02 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 5:30 a.m.22 views

CVE-2026-1042

CVE-2026-1042 stems from the WP Hello Bar WordPress plugin. Wordfence reports a Stored Cross-Site Scripting vulnerability in all versions up to 1.02 via the digit_one and digit_two parameters, exploitable by authenticated attackers with administrator-level access and above. The impact is arbitrar...

4.4CVSS5.8AI score0.00203EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/19 10:13 p.m.7 views

WordPress WP Hello Bar plugin <= 1.02 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'digitone' and 'digittwo' Parameters vulnerability discovered by 0x34rth in WordPress Plugin WP Hello Bar versions = 1.02...

4.4CVSS5.4AI score0.00203EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/12/29 12:0 a.m.6 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079178)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates...

9.8CVSS7.3AI score0.00662EPSS
Exploits1References1
OSV
OSV
added 2025/11/14 4:15 p.m.5 views

CVE-2024-44639

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php...

6.5CVSS5.8AI score0.00235EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/06/03 5:4 p.m.9 views

cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding

A server-side request forgery SSRF vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted...

9.3CVSS5.8AI score0.05849EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

Tenda FH1206 安全漏洞

The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 suffers from a buffer overflow vulnerability that originates from the list1 parameter of ip/goform/DhcpListClient failing to properly validate the length of the input data, which can be exploited by an attacker to execute...

8.8CVSS8.2AI score0.00423EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

Moses Operating System Command Injection Vulnerability

Moses is a statistical machine translation system. An operating system command injection vulnerability exists in Moses mosesdecoder version 4.0 and earlier versions, which stems from the fact that incorrect manipulation of the parameter input1 can lead to operating system command injection...

9.8CVSS7.5AI score0.04158EPSS
Exploits1References3
OSV
OSV
added 2022/12/13 6:30 p.m.5 views

GHSA-X3X3-QWJQ-8GJ4 Apache CXF Server-Side Request Forgery vulnerability

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8CVSS6.6AI score0.0193EPSS
Exploits6References2
Positive Technologies
Positive Technologies
added 2022/10/30 12:0 a.m.3 views

PT-2022-5713 · NetGear · Netgear R7000P

Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.1.64 Description: The issue is related to buffer overflow errors in the NETGEAR R7000P router's software. Exploitation of this issue may allow a remote attacker to execute arbitrary code through parameters KEY1 and...

10CVSS8.5AI score0.01091EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.4 views

Tenda Ax3 命令注入漏洞

Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command injection vulnerability exists in Tenda AX3 v16.03.12.10CN, which can be exploited by an attacker to cause a denial of service DoS via the gateway, dns1, and dns2 parameters...

9.8CVSS5.8AI score0.18506EPSS
Exploits1References2
OSV
OSV
added 2018/09/21 4:29 p.m.5 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6.1CVSS5.7AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/02/22 7:29 p.m.4 views

CVE-2018-7315

SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter...

9.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2010/04/28 11:30 p.m.2 views

DEBIAN-CVE-2010-1594

Multiple cross-site scripting XSS vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via 1 the query string, 2 the BASE parameter, or 3 the ega1 parameter. NOTE: some of these details are obtained from third party...

4.3CVSS6AI score0.01131EPSS
Exploits1References1
Rows per page
Query Builder