
687 matches found

Vulnrichment • added 2026/04/22 1:18 p.m. • 2 views

CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

AI score: 5.8 • EPSS: 0.00287
Exploits: 0 • References: 1

Positive Technologies • added 2026/04/22 12:0 a.m. • 10 views

PT-2026-34335

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A flaw in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them ...

CVSS: 9.6 • AI score: 5.8 • EPSS: 0.00287
Exploits: 0 • References: 4

Positive Technologies • added 2026/04/12 12:0 a.m. • 6 views

PT-2026-32148

A flaw has been found in Totolink A7100RU 7.4cu.2313 b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

CVSS: 10 • AI score: 5.5 • EPSS: 0.01823
Exploits: 0 • References: 6

CVE • added 2026/04/09 9:26 p.m. • 11 views

CVE-2026-35618

OpenClaw OpenClaw package (Plivo V2 verification) vulnerability CVE-2026-35618 affects OpenClaw before 2026.3.23. The replay protection uses a replay key derived from the full verification URL, including query strings, instead of the base canonical URL. This allows an attacker to mint new verifie...

CVSS: 8.3 • AI score: 6 • EPSS: 0.00283
Exploits: 0 • References: 4 • Affected Software: 1

Positive Technologies • added 2026/04/09 12:0 a.m. • 10 views

PT-2026-31730

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type id, distance, facilities, categories, prices, location, and Itemid. Attackers can...

CVSS: 6.1 • AI score: 5.8 • EPSS: 0.00226
Exploits: 0 • References: 5

Positive Technologies • added 2026/04/06 12:0 a.m. • 4 views

PT-2026-30689

Name of the Vulnerable Software and Affected Versions: Cyber-III Student-Management-System, affected versions not specified. Description: A cross-site scripting issue exists due to manipulation of the batch argument in the Class Schedule Deletion Endpoint, specifically within the file...

CVSS: 5.3 • AI score: 5.5 • EPSS: 0.00278
Exploits: 0 • References: 8

NVD • added 2026/04/02 2:16 p.m. • 3 views

CVE-2026-5332

A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available...

CVSS: 6.1 • EPSS: 0.00194
Exploits: 0 • References: 4

Cvelist • added 2026/03/31 4:0 a.m. • 29 views

CVE-2026-5180 SourceCodester Simple Doctors Appointment System ajax.php sql injection

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS: 7.5 • EPSS: 0.00325
Exploits: 0 • References: 5

Positive Technologies • added 2026/03/29 12:0 a.m. • 6 views

PT-2026-28743

Name of the Vulnerable Software and Affected Versions: BichitroGan ISP Billing Software version 2025.3.20. Description: A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...

CVSS: 5.3 • AI score: 5.7 • EPSS: 0.00226
Exploits: 0 • References: 8

RedhatCVE • added 2026/03/28 11:9 p.m. • 5 views

CVE-2026-4975

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

CVSS: 9 • AI score: 7.9 • EPSS: 0.00632
Exploits: 1 • References: 1

Positive Technologies • added 2026/03/27 12:0 a.m. • 8 views

PT-2026-28695

Name of the Vulnerable Software and Affected Versions: code-projects Social Networking Site version 1.0. Description: A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the delete photos.php file of the Endpoint component. Manipulation of...

CVSS: 6.5 • AI score: 5.7 • EPSS: 0.00192
Exploits: 0 • References: 9

Cvelist • added 2026/03/26 1:5 p.m. • 27 views

CVE-2026-4877 itsourcecode Payroll Management System index.php cross site scripting

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS: 5.3 • EPSS: 0.00269
Exploits: 0 • References: 5

Positive Technologies • added 2026/03/22 12:0 a.m. • 8 views

PT-2026-27018

A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote...

CVSS: 9 • AI score: 7.8 • EPSS: 0.00632
Exploits: 1 • References: 10

EUVD • added 2026/03/16 3:30 p.m. • 3 views

EUVD-2017-18939

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...

CVSS: 9.8 • AI score: 5.8 • EPSS: 0.00524
Exploits: 1 • References: 7

Positive Technologies • added 2026/03/16 12:0 a.m. • 3 views

PT-2026-25687

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

CVSS: 7.5 • AI score: 6.9 • EPSS: 0.00278
Exploits: 0 • References: 8

Cvelist • added 2026/03/11 6:13 p.m. • 28 views

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

CVSS: 9.8 • EPSS: 0.00638
Exploits: 1 • References: 2

OSV • added 2026/03/09 9:16 a.m. • 5 views

CVE-2026-3812

A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manageemployeeallowances.php. This manipulation of the argument ID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been public...

CVSS: 6.1 • AI score: 4.2
Exploits: 0 • References: 5

Positive Technologies • added 2026/03/09 12:0 a.m. • 5 views

PT-2026-24008

Name of the Vulnerable Software and Affected Versions: Tenda i3 version 1.0.0.62204. Description: A flaw exists in Tenda i3 that allows for a stack-based buffer overflow. The issue is located in the formSetCfm function within the /goform/setcfm file. Manipulation of the funcpara1 argument triggers t...

CVSS: 9 • AI score: 8 • EPSS: 0.00632
Exploits: 1 • References: 14

NVD • added 2026/03/08 10:15 a.m. • 8 views

CVE-2026-3728

A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS: 9 • EPSS: 0.00746
Exploits: 1 • References: 5

Vulnrichment • added 2026/03/08 10:2 a.m. • 4 views

CVE-2026-3728 Tenda F453 setcfm fromSetCfm stack-based overflow

A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS: 9 • AI score: 6.3 • EPSS: 0.00746
Exploits: 1 • References: 5