105500 matches found

NVD
added 2026/05/01 6:16 a.m., 5 views

CVE-2024-13362

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1 CVSS, 0.00276 EPSS
Exploits 0, References 24

CVE
added 2026/05/01 5:45 a.m., 19 views

CVE-2026-7555

The CVE-2026-7555 entry describes a SQL injection in itsourcecode Electronic Judging System 1.0, affecting the /intrams/login.php component where the Username parameter is manipulated. The vulnerability can be exploited remotely, and exploitation code is publicly available. The available data do ...

7.5 CVSS, 7.4 AI score, 0.00259 EPSS
Exploits 0, References 5

Cvelist
added 2026/05/01 5:29 a.m., 30 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1 CVSS, 0.00276 EPSS
Exploits 0, References 24

ATTACKERKB
added 2026/05/01 5:29 a.m., 3 views

CVE-2024-13362

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1 CVSS, 5.5 AI score, 0.00276 EPSS
Exploits 0, References 25

Vulnrichment
added 2026/05/01 5:29 a.m., 4 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1 CVSS, 6 AI score, 0.00276 EPSS
Exploits 0, References 24

CVE
added 2026/05/01 5:29 a.m., 11 views

CVE-2024-13362

CVE-2024-13362 concerns Freemius versions <= 2.10.1 used in multiple WordPress plugins/themes. The flaw is a reflected DOM-based XSS via the url parameter, caused by insufficient input sanitization and output escaping. Consequences: unauthenticated attackers could cause a user to execute arbi...

6.1 CVSS, 5.5 AI score, 0.00276 EPSS
Exploits 0, References 24

EUVD
added 2026/05/01 5:29 a.m., 4 views

EUVD-2024-55564

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1 CVSS, 5.5 AI score, 0.00276 EPSS
Exploits 0, References 24

Vulnrichment
added 2026/05/01 3:45 a.m., 5 views

CVE-2026-7550 SourceCodester Pharmacy Sales and Inventory System ajax.php save_customer sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...

7.5 CVSS, 6.8 AI score, 0.00259 EPSS
Exploits 0, References 5

Vulnrichment
added 2026/05/01 3:30 a.m., 7 views

CVE-2026-7549 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be performed from remote. The exploit has been...

7.5 CVSS, 6.8 AI score, 0.00274 EPSS
Exploits 0, References 5

NVD
added 2026/05/01 3:16 a.m., 4 views

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

9 CVSS, 0.01485 EPSS
Exploits 0, References 5

Cvelist
added 2026/05/01 2:30 a.m., 32 views

CVE-2026-7548 Totolink NR1800X cstecgi.cgi sub_41A68C command injection

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

9 CVSS, 0.01485 EPSS
Exploits 0, References 5

Vulnrichment
added 2026/05/01 2:30 a.m., 6 views

CVE-2026-7548 Totolink NR1800X cstecgi.cgi sub_41A68C command injection

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

9 CVSS, 7.1 AI score, 0.01485 EPSS
Exploits 0, References 5

ATTACKERKB
added 2026/05/01 1:30 a.m., 3 views

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

10 CVSS, 5.3 AI score, 0.01823 EPSS
Exploits 0, References 5, Affected Software 1

ATTACKERKB
added 2026/05/01 12:45 a.m., 2 views

CVE-2026-7519

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

7.5 CVSS, 5.1 AI score, 0.00418 EPSS
Exploits 0, References 4, Affected Software 1

ATTACKERKB
added 2026/05/01 12:0 a.m., 2 views

CVE-2025-69606

Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1 CVSS, 5.9 AI score, 0.00354 EPSS
Exploits 1, References 4

CNNVD
added 2026/05/01 12:0 a.m., 8 views

TOTOLINK NR1800X Injection Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a vulnerability that stems from the operation of the...

9 CVSS, 7.3 AI score, 0.01485 EPSS
Exploits 0, References 1

CVE
added 2026/05/01 12:0 a.m., 7 views

CVE-2026-37505

Vulnerability summary: CVE-2026-37505 affects V2Board up to 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort users by any database column, including...

4.9 CVSS, 5.9 AI score, 0.00244 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2026/05/01 12:0 a.m., 13 views

CVE-2026-37504

Affected software/versions: V2Board, prior to 1.7.5. Root cause: The server authentication token is accepted via a GET parameter in app/Http/Controllers/Server/UniProxyController.php, causing the token to appear in URLs like /api/v1/server/UniProxy/user?token=SECRET and be recorded in logs, histo...

7.5 CVSS, 5.8 AI score, 0.00286 EPSS
Exploits 1, References 2, Affected Software 1

Positive Technologies
added 2026/05/01 12:0 a.m., 7 views

PT-2026-36291

Name of the Vulnerable Software and Affected Versions: Totolink A8000RU version 7.1cu.643 b20200521. Description: An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

10 CVSS, 7.6 AI score, 0.01823 EPSS
Exploits 0, References 17

CNNVD
added 2026/05/01 12:0 a.m., 9 views

exiftool Injection Vulnerability

Exiftool is an open-source application developed by ExifTool. It makes metadata more accessible. Versions of Exiftool 13.53 and earlier had an injection vulnerability. This vulnerability stemmed from the Processmrld function in the component for JPEG/QuickTime/MOV/MP4, which incorrectly handled th...

5.3 CVSS, 6.1 AI score, 0.0018 EPSS
Exploits 0, References 1