Lucene search
K

105373 matches found

Cvelist
Cvelist
added 2026/05/04 5:19 p.m.33 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS0.00732EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/04 5:19 p.m.5 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/04 5:19 p.m.7 views

EUVD-2026-27079

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 5:15 p.m.29 views

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6CVSS0.002EPSS
Exploits1References1
OSV
OSV
added 2026/05/04 9:31 a.m.7 views

GHSA-GCMM-C94J-J47X @puchunjie/doc-tools-mcp has a Path Traversal Issue

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

6.3CVSS6.3AI score0.00288EPSS
Exploits0References7
NVD
NVD
added 2026/05/04 9:16 a.m.8 views

CVE-2026-7745

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

6.5CVSS0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 8:45 a.m.43 views

CVE-2026-7749 Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...

9CVSS0.00563EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 8:45 a.m.18 views

CVE-2026-7749

Totolink N300RH version 3.2.4-B20220812 is affected. The vulnerability is in the POST Request Handler function setWanConfig (file /cgi-bin/cstecgi.cgi); manipulating the priDns argument can cause a buffer overflow. The issue can be triggered remotely, and the exploit has been publicly disclosed (...

9CVSS7.8AI score0.00563EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/04 8:45 a.m.16 views

EUVD-2026-26941

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...

9CVSS6.2AI score0.00563EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/04 8:30 a.m.5 views

CVE-2026-7748 Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

9CVSS7.8AI score0.00463EPSS
Exploits0References5
NVD
NVD
added 2026/05/04 8:16 a.m.37 views

CVE-2026-7741

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...

6.5CVSS0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/05/04 8:16 a.m.50 views

CVE-2026-7742

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

6.5CVSS0.00241EPSS
Exploits0References5
NVD
NVD
added 2026/05/04 8:16 a.m.34 views

CVE-2026-7743

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.00241EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 8:15 a.m.20 views

CVE-2026-7747

CVE-2026-7747 affects Totolink N300RH (firmware 3.2.4-B20220812). The vulnerability lies in the Parameter Handler’s file /cgi-bin/cstecgi.cgi, specifically the loginauth function where manipulating the Password argument can cause a buffer overflow. It is network-borne with no authentication requi...

10CVSS7.7AI score0.00606EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/04 8:15 a.m.6 views

CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

10CVSS7.7AI score0.00606EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/04 8:15 a.m.5 views

CVE-2026-7747

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

10CVSS7.7AI score0.00606EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/04 7:45 a.m.5 views

EUVD-2026-26933

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/04 7:45 a.m.6 views

CVE-2026-7745

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/04 7:30 a.m.6 views

EUVD-2026-26931

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 7:30 a.m.34 views

CVE-2026-7744 CodeAstro Online Classroom addnewstudent sql injection

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS0.00192EPSS
Exploits0References5
Rows per page
Query Builder