
105519 matches found

Vulnrichment
added 2026/05/02 3:36 a.m., 5 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

CVSS 5.3, AI score 5.9, EPSS 0.00306
Exploits: 0, References: 10
CNNVD
added 2026/05/02 12:00 a.m., 9 views

WordPress plugin Geo Mashup SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5, AI score 5.9, EPSS 0.00304
Exploits: 1, References: 1
CNNVD
added 2026/05/02 12:00 a.m., 10 views

sglang injection vulnerability

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Versions of SGLang 0.5.9 and earlier contained an injection vulnerability. This vulnerability stemmed from the operation of the gettokenizer function in the...

CVSS 6.3, AI score 6.3, EPSS 0.00368
Exploits: 0, References: 2
CNNVD
added 2026/05/02 12:00 a.m., 9 views

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5, AI score 5.9, EPSS 0.00335
Exploits: 0, References: 1
CNNVD
added 2026/05/02 12:00 a.m., 7 views

TRENDnet TEW-821DAP data forgery issue vulnerability

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. The version TRENDnet TEW-821DAP 1.12B01 has a vulnerability related to data falsification. This vulnerability stems from improper handling of the parameter dest in the findHWid/newGuiUpdateFirmware function within the...

CVSS 8.1, AI score 5.8, EPSS 0.00234
Exploits: 1, References: 1
Positive Technologies
added 2026/05/02 12:00 a.m., 7 views

PT-2026-36587

Name of the Vulnerable Software and Affected Versions: ARMember – Membership Plugin versions prior to 4.0.61. Description: The ARMember – Membership Plugin for WordPress is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and...

CVSS 7.5, AI score 5.9, EPSS 0.00335
Exploits: 0, References: 13
CNNVD
added 2026/05/02 12:00 a.m., 9 views

itsourcecode Courier Management System injection vulnerability

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /edituser.php file when...

CVSS 5.8, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 2
CNNVD
added 2026/05/02 12:00 a.m., 13 views

WordPress plugin Maxi Blocks cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 1
CNNVD
added 2026/05/02 12:00 a.m., 16 views

JeecgBoot code issue vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the OpenApiController.add/OpenApiController.call...

CVSS 6.5, AI score 6.7, EPSS 0.00214
Exploits: 0, References: 2
Positive Technologies
added 2026/05/02 12:00 a.m., 9 views

PT-2026-36622

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVSS 7.5, AI score 6.9, EPSS 0.00269
Exploits: 0, References: 6
CNNVD
added 2026/05/02 12:00 a.m., 9 views

Code-Projects Online Hospital Management System injection vulnerability

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /vi...

CVSS 7.5, AI score 7.1, EPSS 0.00269
Exploits: 0, References: 2
Positive Technologies
added 2026/05/02 12:00 a.m., 16 views

PT-2026-36606

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The esc sql...

CVSS 7.5, AI score 6, EPSS 0.00304
Exploits: 1, References: 6
Positive Technologies
added 2026/05/02 12:00 a.m., 13 views

PT-2026-36612

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVSS 5.8, AI score 6, EPSS 0.00228
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/02 12:00 a.m., 7 views

RHCOS 4 : OpenShift Container Platform 4.16.60 (RHSA-2026:10096)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10096 advisory: golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726). Note that Nessus has not tested for this issue but...

CVSS 7.5, AI score 6.9, EPSS 0.01945
Exploits: 0, References: 4
Positive Technologies
added 2026/05/02 12:00 a.m., 10 views

PT-2026-36623

A vulnerability was identified in Totolink N300RH 6.1c.1353 B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and...

CVSS 6.9, AI score 6.4, EPSS 0.00329
Exploits: 0, References: 6
NVD
added 2026/05/01 8:16 p.m., 4 views

CVE-2026-7592

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVSS 7.5, EPSS 0.00259
Exploits: 0, References: 5
Vulnrichment
added 2026/05/01 7:45 p.m., 5 views

CVE-2026-7592 itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVSS 7.5, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 5
ATTACKERKB
added 2026/05/01 6:45 p.m., 6 views

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVSS 7.5, AI score 6.8, EPSS 0.01366
Exploits: 0, References: 5
ATTACKERKB
added 2026/05/01 6:30 p.m., 6 views

CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function createcsvexport of the file services/csv-export-service/app/api/v1/endpoints/csvexport.py of the component CSV Export. This manipulation of the argument...

CVSS 6.9, AI score 5.7, EPSS 0.00449
Exploits: 0, References: 5
NVD
added 2026/05/01 6:16 p.m., 8 views

CVE-2026-7588

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...

CVSS 6.9, EPSS 0.00449
Exploits: 0, References: 5