Lucene search
K

105389 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.11 views

VulnCheck KEV: CVE-2023-2745

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...

6.1CVSS6.5AI score0.79527EPSS
In wildExploits7References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36749

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description An issue exists in the POST Request Handler component where the manipulation of the webWlanIdx argument in the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi' endpoint allows for...

6.5CVSS6.9AI score0.00916EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.7 views

Hoteam Product Data Management System 注入漏洞

The Hoteam Product Data Management System is a product data management system developed by Hoteam Corporation. Versions of the Hoteam Product Data Management System 8.3.9 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the GetQueryMachineGridOnePageData...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36787

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36886

Name of the Vulnerable Software and Affected Versions PlantUML Macro versions prior to 2.4.1 Description PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery SSRF flaw. The application fails to validate the URL provided through the server...

4.4CVSS5.8AI score0.00151EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

TOTOLINK WA300 注入漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The Totolink WA300 5.2cu.7112B20190227 version has a vulnerability due to an issue with the function NTPSyncWithHost in the file/cgi-bin/cstecgi.cgi. This issue allows for command injection through the parameter...

6.5CVSS6.6AI score0.00916EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36887

Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.15 views

PT-2026-36744

Name of the Vulnerable Software and Affected Versions Gym Management System In PHP and Windows NT 1.0 affected versions not specified Description A remote SQL injection can be triggered through the manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/studentdetails that allows for SQL injection attacks wh...

6.5CVSS6.7AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-36790

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36910

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'wireless.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

9.3CVSS6AI score0.04983EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

6.5CVSS6.4AI score0.00916EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36760

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get state.php. The manipulation of the argument G STATE ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

6.5CVSS6.4AI score0.00246EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.15 views

PT-2026-36786

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

MCP-RTFM 路径遍历漏洞

MCP-RTFM is an intelligent document generation and knowledge base construction tool developed by Ryan Joachim. Version 0.1.0 of MCP-RTFM contains a path traversal vulnerability. This vulnerability arises from the handling of the docFile parameter in the getdoccontent/readdoc/updatedoc functions...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/facultylogin that operates on the parameter fid, allowi...

6.5CVSS6.7AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.27 views

PT-2026-36785

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

6.5CVSS6.5AI score0.00241EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/facultydetails that allows for SQL injection when the...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from unknown functions in the file/OnlineClassroom/addnewstudent that manipulate the parameter fname, allowi...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.8 views

MCP Server for ArangoDB 路径遍历漏洞

MCP Server for ArangoDB is a database interaction tool based on ArangoDB, developed by Alp Sarıyer. Versions of MCP Server for ArangoDB 0.4.7 and earlier had a path traversal vulnerability. This vulnerability stemmed from the function arangobackup in the MCP Interface component, which allowed for...

6.5CVSS6.6AI score0.00288EPSS
Exploits0References1
Rows per page
Query Builder