Lucene search
K

19 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/01/19 6:53 a.m.9 views

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Cybersecurity researchers have disclosed a cross-site scripting XSS vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/12/30 8:2 p.m.5 views

EUVD-2025-205856

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...

7.5CVSS6.4AI score0.00333EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2025/12/26 12:0 a.m.2 views

The vulnerability of the Downloads Panel component of the Mozilla Firefox browser and the Thunderbird email client allows attackers to perform spear-phishing attacks.

The vulnerability of the Downloads Panel component in the Mozilla Firefox browser and the Thunderbird email client is related to deficiencies in the authentication process, resulting from incorrect display of the domain name in the address bar. Exploiting this vulnerability allows a malicious act...

7.8CVSS7AI score0.00352EPSS
Exploits0References9Affected Software3
ATTACKERKB
ATTACKERKB
added 2025/12/09 1:38 p.m.8 views

CVE-2025-14327

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7...

7.5CVSS7.1AI score0.00352EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.9 views

InnoShop 安全漏洞

InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from a flaw in the file manager functionality of the admin panel that could lead to code execution...

9.9CVSS7AI score0.00468EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/05/30 12:0 a.m.6 views

The vulnerability of the control_panel_sw() function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the controlpanelsw function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is related to incorrect elimination of special elements in the output data when processing the parameter filename. Exploiting this vulnerability allows an...

6.5CVSS7AI score0.08686EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.4 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from an administrative panel that allows an attacker to discover usernames, email addresses, passwords, an...

7.5CVSS6.6AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:19 p.m.3 views

CVE-2022-44294

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manageservice=...

7.2CVSS8AI score0.00726EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:29 a.m.7 views

CVE-2019-5694

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, which may lead to denial of service or...

6.5CVSS7AI score0.00573EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.8 views

The vulnerability in the “classes/Master.php?f=save_field” script of the CMS system’s administration panel for the Mobile Comparison Website allows a perpetrator to perform cross-site scripting attacks.

The vulnerability in the classes/Master.php?f=savefield script of the CMS system’s administration panel for the Mobile Comparison Website is related to insufficient protection of the website structure when processing the Field Name argument. Exploiting this vulnerability allows an attacker to...

5.5CVSS5.2AI score0.00576EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.5 views

Church Management System SQL注入漏洞

Church Management System is a church management system. A security vulnerability exists in Church Management System v1.0, which originates from a SQL injection vulnerability in the id parameter via /admin/editevent.php...

7.2CVSS7.3AI score0.0083EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.4 views

Qibosoft 跨站脚本漏洞

Qibosoft qibosoft is a content management system CMS from Qibosoft, China. qibosoft has a cross-site scripting vulnerability that originates in the /admin/index.php?lfj=friendlink & action=add link of the admin component of the product. The vulnerability is caused by the...

5.4CVSS5.3AI score0.00602EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.6 views

Apple macOS 权限许可和访问控制问题漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. Apple macOS is vulnerable to a privilege-granting and access-control issue, which arises from security restrictions not properly applied by NSOpenPanel. An attacker could exploit the vulnerability to escalate...

7.8CVSS6.9AI score0.00817EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2021/04/21 12:0 a.m.5 views

The vulnerability of the “Network” panel display on Google Chrome and Microsoft Edge browsers allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the “Network” panel display in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a...

4.3CVSS7AI score0.01905EPSS
Exploits0References12Affected Software6
OSV
OSV
added 2020/04/24 9:15 p.m.1 views

UBUNTU-CVE-2020-12245

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...

6.1CVSS6.8AI score0.01946EPSS
Exploits0References5
CNVD
CNVD
added 2020/04/22 12:0 a.m.2 views

Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25368)

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the 'resetpassword' function in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to arbitrarily change the password of the root account...

9.8CVSS7.1AI score0.02992EPSS
Exploits3References1
OSV
OSV
added 2018/04/10 6:29 a.m.3 views

CVE-2018-9923

An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request...

8.8CVSS5.8AI score0.00621EPSS
Exploits1References1
CNVD
CNVD
added 2015/11/26 12:0 a.m.5 views

Bastian Allgeier Kirby Arbitrary File Upload Vulnerability

Bastian Allgeier Kirby is a content management system CMS from Bastian llgeiergs, Germany. An arbitrary file upload vulnerability exists in the Panel component of Bastian Allgeier Kirby 2.1.1 and earlier versions, which can be exploited by a remote attacker to execute arbitrary PHP code by...

6.5CVSS7.8AI score0.01255EPSS
Exploits0References1
Rows per page
Query Builder