105373 matches found

EUVD
added 2026/05/05 12:30 a.m. | 9 views

EUVD-2026-27153

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

CVSS 6.5 | AI score 5.5 | EPSS 0.00211
Exploits 0 | References 5
CNNVD
added 2026/05/05 12:00 a.m. | 6 views

WordPress plugin GeekyBot SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.5 | AI score 5.9 | EPSS 0.00278
Exploits 0 | References 1
Positive Technologies
added 2026/05/05 12:00 a.m. | 12 views

PT-2026-36961

Affected software and versions: Blog Settings plugin for WordPress versions prior to 1.1. Description: Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to...

CVSS 6.1 | AI score 6 | EPSS 0.00211
Exploits 0 | References 10
CNNVD
added 2026/05/05 12:00 a.m. | 7 views

NagaAgent path traversal vulnerability

NagaAgent is a 2D AI assistant developed by RTGS2017. It supports streaming tool calls, knowledge graph memory, and voice interactions. Versions of NagaAgent 5.1.0 and earlier have a path traversal vulnerability. This vulnerability stems from the handling of the parameter Name by the Skills...

CVSS 7.5 | AI score 7.2 | EPSS 0.00501
Exploits 0 | References 1
Positive Technologies
added 2026/05/05 12:00 a.m. | 11 views

PT-2026-36969

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create template method of the CheckForm class, where realpath is called on the allowed base directory...

CVSS 6.5 | AI score 5.9 | EPSS 0.0057
Exploits 0 | References 11
Positive Technologies
added 2026/05/05 12:00 a.m. | 10 views

PT-2026-37210

Affected software and versions: Kestra versions prior to 1.3.4. Description: SQL Injection occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. This allows attackers to inject...

CVSS 9.8 | AI score 6 | EPSS 0.00367
Exploits 1 | References 10
Positive Technologies
added 2026/05/05 12:00 a.m. | 12 views

PT-2026-36974

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print pdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVSS 6.5 | AI score 6.5 | EPSS 0.00196
Exploits 0 | References 6
CVE
added 2026/05/05 12:00 a.m. | 15 views

CVE-2026-38428

Kestra v1.3.3 and earlier are vulnerable to an SQL Injection flaw caused by user-supplied input from a GET parameter being directly concatenated into an SQL query without sanitization or parameterization. The root cause is unsafe string concatenation in the database query, enabling injection of a...

CVSS 9.8 | AI score 6 | EPSS 0.00367
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/05/05 12:00 a.m. | 9 views

D-Link DI-8100 buffer error vulnerability

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function tgglasp in the file/tggl.asp within the HTTP...

CVSS 9 | AI score 7.6 | EPSS 0.01057
Exploits 1 | References 1
CNNVD
added 2026/05/05 12:00 a.m. | 8 views

itsourcecode Courier Management System injection vulnerability

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to parameter handling in the file/printpdets.php, which may lead to SQL injection attacks...

CVSS 6.5 | AI score 6.7 | EPSS 0.00196
Exploits 0 | References 1
Positive Technologies
added 2026/05/05 12:00 a.m. | 11 views

PT-2026-37235

Affected software and versions: Masa CMS versions prior to 7.2.10; Masa CMS versions prior to 7.3.15; Masa CMS versions prior to 7.4.10; Masa CMS versions prior to 7.5.3. Description: A SQL injection exists in the beanFeed.cfc component within the getQuery function's processing o...

CVSS 9.3 | AI score 6 | EPSS 0.00302
Exploits 0 | References 4
CNNVD
added 2026/05/05 12:00 a.m. | 10 views

Crestron Touchpanels parameter injection vulnerability

Crestron Touchpanels are a series of intelligent network touchscreen devices developed by Crestron Corporation in the United States. These devices are used for scheduling in enterprise meeting rooms, controlling audio-visual systems, and automating smart buildings. Crestron Touchpanels have a...

CVSS 7.4 | AI score 5.8 | EPSS 0.00753
Exploits 0 | References 1
Positive Technologies
added 2026/05/05 12:00 a.m. | 11 views

PT-2026-37316

Affected software and versions: ciguard versions 0.8.0 through 0.8.1. Description: The discover pipeline files function in src/ciguard/discovery.py improperly handles symlinks when walking a directory tree. An attacker who can place a symlink in a directory being scanned can...

CVSS 3.2 | AI score 5.8 | EPSS 0.00158
Exploits 0 | References 8
Positive Technologies
added 2026/05/05 12:00 a.m. | 8 views

PT-2026-36963

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

CVSS 7.5 | AI score 5.9 | EPSS 0.00278
Exploits 0 | References 3
Positive Technologies
added 2026/05/05 12:00 a.m. | 20 views

PT-2026-36966

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr update form action meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with ...

CVSS 7.2 | AI score 6 | EPSS 0.00359
Exploits 0 | References 7
Positive Technologies
added 2026/05/05 12:00 a.m. | 14 views

PT-2026-37237

Affected software and versions: Masa CMS versions 7.2.0 through 7.2.9; Masa CMS versions 7.3.0 through 7.3.14; Masa CMS versions 7.4.0 through 7.4.9; Masa CMS versions 7.5.0 through 7.5.2. Description: The unauthenticated JSON API accepts an altTable parameter that is stored via...

CVSS 9.3 | AI score 6 | EPSS 0.00317
Exploits 0 | References 4
Positive Technologies
added 2026/05/05 12:00 a.m. | 8 views

PT-2026-36993

Affected software and versions: The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder versions prior to 1.15.43. Description: Insufficient escaping of user-supplied parameters and a lack of proper preparation in SQL queries allow unauthenticated attackers ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00358
Exploits 1 | References 5
Vulnrichment
added 2026/05/05 12:00 a.m. | 7 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

AI score 6 | EPSS 0.00367
Exploits 1 | References 2
ATTACKERKB
added 2026/05/05 12:00 a.m. | 4 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

AI score 6 | EPSS 0.00367
Exploits 1 | References 3
Cvelist
added 2026/05/05 12:00 a.m. | 40 views

CVE-2026-31195

OS command injection vulnerability in the ping diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers to...

EPSS 0.01275
Exploits 0 | References 3