Lucene search
K

105478 matches found

CNNVD
CNNVD
added 2026/05/03 12:0 a.m.8 views

Wavlink WL-WN570HA1 注入漏洞

The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the parameter “Username” in the function...

9.8CVSS6.6AI score0.04971EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

Wavlink WL-WN570HA1 注入漏洞

The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the DDNS parameter in the function pingddns...

6.5CVSS6.6AI score0.03191EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.8 views

Dolibarr ERP CRM 注入漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...

5CVSS6AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.9 views

PT-2026-36722

Name of the Vulnerable Software and Affected Versions JD Cloud JDCOS version 4.5.1.r4518 Description A flaw in the Service Interface component allows remote command injection. The issue exists within the set iptv info function of the '/jdcap' file, where improper handling of the vid argument...

6.5CVSS6.8AI score0.01158EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the parameter “pei” in the function...

5.3CVSS5.7AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.7 views

PT-2026-36681

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit nex form function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.8 views

youlai-boot 注入漏洞

Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.13 views

PT-2026-36694

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists that allows remote attackers to execute arbitrary commands. The flaw is located in the set sys adm function within the '/cgi-bin/adm.cgi' endpoint,...

9.8CVSS6.8AI score0.04971EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

JD Cloud JDCOS 注入漏洞

JD Cloud JDCOS is a cloud object storage service provided by JD.com, a Chinese e-commerce company. The version JD Cloud JDCOS 4.5.1.r4518 contains a vulnerability due to an injection flaw in the Service Interface component. This flaw stems from the function setiptvinfo in the file/jdcap, which...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.9 views

crmeb_java 访问控制错误漏洞

crmebjava is an open-source e-commerce system developed by CRMEB. Versions of crmebjava 1.3.4 and earlier contained a access control vulnerability. This vulnerability stemmed from unknown code in the Admin Upload component, specifically in the...

5.8CVSS5.9AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.9 views

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.9 views

Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 注入漏洞

Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System is a microgrid energy efficiency management system developed by Acrel Corporation. Version 1.3.0 of the Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System contains a SQL injection...

7.5CVSS7.2AI score0.00325EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.12 views

COCO Annotator 路径遍历漏洞

COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. Versions of COCO Annotator 0.11.1 and earlier contained a path traversal vulnerability. This vulnerability stemmed from an unknown function in the Data...

5.3CVSS5.8AI score0.00467EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/02 10:15 p.m.3 views

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS5.6AI score0.00259EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/02 5:20 p.m.10 views

Arbitrary Command Injection

Overview mcp-server-rijksmuseum is a Affected versions of this package are vulnerable to Arbitrary Command Injection via the openimageinbrowser function. An attacker can execute arbitrary operating system commands by manipulating the imageUrl argument remotely. Remediation There is no fixed versi...

6.5CVSS6.8AI score0.01294EPSS
Exploits0References2
NVD
NVD
added 2026/05/02 2:16 p.m.6 views

CVE-2026-7632

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/02 2:0 p.m.4 views

CVE-2026-7633

A vulnerability was identified in Totolink N300RH 6.1c.1353B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mig...

6.9CVSS6.4AI score0.00329EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/02 2:0 p.m.5 views

EUVD-2026-26795

A vulnerability was identified in Totolink N300RH 6.1c.1353B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mig...

6.9CVSS5.6AI score0.00329EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/02 1:45 p.m.2 views

CVE-2026-7632

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/02 1:45 p.m.5 views

EUVD-2026-26794

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6
Rows per page
Query Builder