Lucene search
K

688 matches found

Cvelist
Cvelist
added 2026/05/23 10:0 a.m.20 views

CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS0.01158EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.14 views

PT-2026-42874

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS5.6AI score0.01158EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 9:16 p.m.29 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.8CVSS0.00398EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.11 views

CVE-2026-8737

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

6.9CVSS5.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 4:16 p.m.14 views

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS0.00397EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 3:31 a.m.8 views

EUVD-2026-29368

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.12 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:19 a.m.37 views

CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 10:0 a.m.5 views

CVE-2026-7612

A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...

5.8CVSS5.6AI score0.00206EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/29 9:16 a.m.5 views

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 8:30 a.m.10 views

CVE-2026-42517

The CVE-2026-42517 entry affects the e-Sushrut HMIS system, where a vulnerability arises from using reversible Base64 encoding to protect sensitive data. The root cause is that sensitive parameters in the request URL are Base64-encoded rather than securely protected, allowing an authenticated att...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:26 a.m.3 views

CVE-2026-42516

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

7.1CVSS5.4AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:22 a.m.5 views

CVE-2026-42515

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.4 views

PT-2026-35883

Name of the Vulnerable Software and Affected Versions e-Sushrut affected versions not specified Description Improper access control in resource access validation allows an authenticated attacker to gain unauthorized access to sensitive patient information by manipulating parameters in the API...

7.1CVSS5.2AI score0.00226EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

CDAC e-Sushrut 安全漏洞

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that handles hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the use of reversible Base64 encoding to protect sensitive data. It...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 4:16 p.m.4 views

CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

10CVSS0.01766EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/22 3:31 p.m.3 views

EUVD-2026-24750

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

9.6CVSS5.8AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 2:17 p.m.8 views

CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

9.6CVSS0.00287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:18 p.m.3 views

CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

9.6CVSS5.8AI score0.00287EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:18 p.m.27 views

CVE-2026-6356 CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

0.00287EPSS
Exploits0References1
Rows per page
Query Builder