Lucene search
K

105399 matches found

Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.15 views

PT-2026-36744

Name of the Vulnerable Software and Affected Versions Gym Management System In PHP and Windows NT 1.0 affected versions not specified Description A remote SQL injection can be triggered through the manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.12 views

RHCOS 6 : Ruby on Rails (RHSA-2013:0153)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. - rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack CVE-2013-0156 Note that Nessus has not tested for this...

7.5CVSS7.5AI score0.99449EPSS
Exploits21References6
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/studentdetails that allows for SQL injection attacks wh...

6.5CVSS6.7AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-36790

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36910

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'wireless.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

9.3CVSS6AI score0.04983EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

6.5CVSS6.4AI score0.00916EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36760

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get state.php. The manipulation of the argument G STATE ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

6.5CVSS6.4AI score0.00246EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/facultydetails that allows for SQL injection when the...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from unknown functions in the file/OnlineClassroom/addnewstudent that manipulate the parameter fname, allowi...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.8 views

MCP Server for ArangoDB 路径遍历漏洞

MCP Server for ArangoDB is a database interaction tool based on ArangoDB, developed by Alp Sarıyer. Versions of MCP Server for ArangoDB 0.4.7 and earlier had a path traversal vulnerability. This vulnerability stemmed from the function arangobackup in the MCP Interface component, which allowed for...

6.5CVSS6.6AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability stems from the function setWanConfig in the component POST Request Handler, specifically the...

9CVSS7.6AI score0.00563EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36911

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'internet.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

9.3CVSS6AI score0.02615EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.16 views

PT-2026-36786

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/03 10:0 p.m.42 views

CVE-2026-7705 JD Cloud JDCOS Service jdcap set_iptv_info command injection

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.01158EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/03 10:0 p.m.24 views

EUVD-2026-26843

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4
NVD
NVD
added 2026/05/03 2:16 p.m.16 views

CVE-2026-7698

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

7.5CVSS0.01655EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 1:30 p.m.7 views

CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

7.5CVSS6.9AI score0.01655EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/03 1:15 p.m.7 views

EUVD-2026-26835

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

5.8CVSS5.6AI score0.00206EPSS
Exploits0References4
NVD
NVD
added 2026/05/03 12:15 p.m.12 views

CVE-2026-7694

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

7.5CVSS0.00325EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 12:15 p.m.36 views

CVE-2026-7695 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform elecMaxMinAvgValue sql injection

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...

7.5CVSS0.00343EPSS
Exploits0References4
Rows per page
Query Builder