Lucene search
K

925 matches found

CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Bird-lg-go 安全漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Previous versions of bird-lg-go, including 6187a4e, contained security vulnerabilities. These vulnerabilities stemmed from the traceroute module’s use of shlex.Split to parse user input without proper validation. This could allow remot...

7.5CVSS6AI score0.00388EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 参数注入漏洞

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...

6CVSS6.1AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

TinyWeb 参数注入漏洞

TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.01 contained a parameter injection vulnerability. This vulnerability stemmed from allowing unverified remote attackers to bypass the CGI parameter security controls of the web server,...

10CVSS6.2AI score0.00748EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 1:25 p.m.8 views

CVE-2025-9062

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

7.3CVSS5.5AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.5 views

CVE-2026-27178

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

7.2CVSS5.5AI score0.00227EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 11:15 a.m.6 views

CVE-2025-9062

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

7.3CVSS0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 10:57 a.m.4 views

CVE-2025-9062 IDOR in MeCODE Informatics' Envanty

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

7.3CVSS5.3AI score0.0021EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 10:57 a.m.13 views

CVE-2025-9062

CVE-2025-9062 describes an Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty. Impacted versions: Envanty 1.0.0 through 19022026. The issue is described as a parameter injection that enables an adjacent, low-privilege attacke...

7.3CVSS5.3AI score0.0021EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 10:57 a.m.33 views

CVE-2025-9062 IDOR in MeCODE Informatics' Envanty

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

7.3CVSS0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/19 10:57 a.m.5 views

CVE-2025-9062

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

7.3CVSS5.3AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20803

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: from 1.0.0 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.3CVSS5.5AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

Weblate 参数注入漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.16.0 contained a parameter injection vulnerability. This vulnerability stemmed from the SSH management console failing to validate the input when adding SSH host keys,...

9.1CVSS5.8AI score0.00447EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

MeCODE Envanty 安全漏洞

MeCODE Envanty is an enterprise resource planning management system developed by the Turkish company MeCODE. Versions of MeCODE Envanty prior to 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through user-controlled keys, which could lead to...

7.3CVSS5.8AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

Delinea Cloud Suite 安全漏洞

Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Versions of Delinea Cloud Suite prior to 25.2 HF1 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements within SQL...

9.3CVSS5.9AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

Hyland Alfresco Transformation Service 安全漏洞

The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from parameter injection in the document processing function. This vulnerability may...

9.8CVSS6.1AI score0.00544EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/18 9:10 p.m.25 views

CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...

7.2CVSS0.00227EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.6 views

PHPGurukul Student Management System 安全漏洞

PHPGurukul Student Management System is a student management system developed by PHPGurukul Corporation. Version 1.0 of the phpgurukul Student Management System has a security vulnerability; this vulnerability stems from the searchdata parameter in the studentms/admin/search.php file, which is...

8.8CVSS5.8AI score0.00328EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/16 5:4 p.m.4 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.11 views

PT-2026-8366

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in paramete...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.2 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
Rows per page
Query Builder