Lucene search
K

105370 matches found

CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Both Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the traceroute diagnostic handler in /bin/httpdclientside, which allows uncleaned user input to...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37058

Name of the Vulnerable Software and Affected Versions ALTICE LABS / SFR France GR140DG affected versions not specified ALTICE LABS / SFR France GR140IG affected versions not specified Description The traceroute diagnostic handler in the '/bin/httpd clientside' endpoint of the affected devices...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.36 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

0.00367EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.7 views

PT-2026-36957

Name of the Vulnerable Software and Affected Versions Zingaya Click-to-Call versions prior to 1.1 Description Insufficient input sanitization and output escaping in the sign-up admin page allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the 'email', 'first name',...

6.1CVSS6AI score0.00219EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...

9.3CVSS6AI score0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.7 views

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

6.1AI score0.01275EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Code vulnerabilities exist in versions 1.30.2 and earlier, as well as versions 2.0.0 to 2.1.14, 2.2.0 to 2.4.3, 3.3.0 to 3.10.3, and 4.0.0 to 5.5.0 of PhpSpreadsheet. These vulnerabilities...

9.8CVSS6.4AI score0.00712EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.7 views

PT-2026-36953

Name of the Vulnerable Software and Affected Versions AWP Classifieds versions prior to 4.4.6 Description Insufficient escaping of user-supplied parameters and lack of proper preparation in SQL queries allow unauthenticated attackers to append additional SQL queries. This issue occurs via the...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37045

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37271

Name of the Vulnerable Software and Affected Versions @workos/authkit-session versions prior to 0.5.1 Description An open redirect issue exists in the handleCallback function of AuthService due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The stat...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.21 views

EFM ipTIME C200 注入漏洞

EFM ipTIME C200 is a network camera device produced by the South Korean company EFM. The EFM ipTIME C200 models starting from version 1.092 and earlier have a vulnerability that stems from the sub408F90 function’s ApplyRestore endpoint, which processes the RestoreFile parameter. This vulnerabilit...

8.6CVSS7.1AI score0.02336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-37222

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A flaw in the Web Management Interface component allows a remote attacker to cause a buffer overflow, which occurs when more data is written to a memory buffer than it can hold. This is achieved by...

8.6CVSS7.3AI score0.04589EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37212

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A stack-based buffer overflow occurs in the sprintf function within the yyxz.asp file. This issue allows a remote attacker to trigger the overflow by manipulating the ID argument. Recommendations A...

9CVSS7.4AI score0.0408EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the handling of parameters in the Web Management Interfac...

8.6CVSS7.4AI score0.04589EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer error vulnerability. This vulnerability arises from the function sprintf in the file yyxz.asp, where the handli...

8.6CVSS7.3AI score0.0408EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function sprintf in the HTTP Handler component, where...

10CVSS7.6AI score0.01515EPSS
Exploits1References1
OSV
OSV
added 2026/05/04 9:15 p.m.7 views

GHSA-FR8F-RWJX-F32V quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

6.3CVSS5.8AI score0.004EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.10 views

CVE-2026-7410

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7632

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7698

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

7.5CVSS6.9AI score0.01655EPSS
Exploits0References1
Rows per page
Query Builder