Lucene search
K

105359 matches found

EUVD
EUVD
added 2026/05/05 7:48 p.m.6 views

EUVD-2026-27482

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS5.9AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 7:48 p.m.34 views

CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:48 p.m.4 views

CVE-2026-40331

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS5.9AI score0.00317EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/05 7:46 p.m.9 views

EUVD-2026-27480

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

9.3CVSS6.5AI score0.00425EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 7:44 p.m.7 views

EUVD-2026-27478

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3CVSS6AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 7:44 p.m.35 views

CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3CVSS0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:44 p.m.6 views

CVE-2026-40329

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3CVSS6AI score0.00302EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/05 7:16 p.m.7 views

CVE-2026-7855

A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...

9CVSS0.01057EPSS
Exploits1References5
NVD
NVD
added 2026/05/05 7:16 p.m.11 views

CVE-2026-7854

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...

10CVSS0.0586EPSS
Exploits1References5
NVD
NVD
added 2026/05/05 7:16 p.m.9 views

CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS0.00435EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/05 7:0 p.m.6 views

EUVD-2026-27438

FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction b...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:0 p.m.5 views

CVE-2026-32699

FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction b...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/05 7:0 p.m.10 views

CVE-2026-7856

CVE-2026-7856 affects D-Link DI-8100 Web Management Interface; a buffer overflow in /url_member.asp when manipulating the Name parameter can be triggered remotely. An exploit has been published; details on remediation/patch are not provided in the available documents.

8.6CVSS7.5AI score0.04589EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:0 p.m.8 views

CVE-2026-7856 D-Link DI-8100 Web Management url_member.asp buffer overflow

A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /urlmember.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and...

8.6CVSS7.5AI score0.04589EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/05 6:55 p.m.9 views

PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

Summary The markdowntabletoimage tool accepts a caller-controlled path parameter and passes it directly to gethtmltableimage: python pptagent/mcpserver.py:127-143 def markdowntabletoimagemarkdowntable: str, path: str, css: str - str: """ Args: path str: The file path where the image will be saved...

4.6CVSS5.9AI score0.00198EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/05 6:46 p.m.6 views

EUVD-2026-27422

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.6AI score0.00435EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 6:46 p.m.8 views

CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.6AI score0.00435EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:42 p.m.10 views

@workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/05 6:42 p.m.11 views

GHSA-VVVV-983W-R7PV @workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/05 6:33 p.m.6 views

EUVD-2026-27384

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6AI score0.03678EPSS
Exploits1References3
Rows per page
Query Builder