Lucene search
K

105502 matches found

CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

TOTOLINK NR1800X 缓冲区错误漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data service deployment for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a buffer error vulnerability. This...

10CVSS7.7AI score0.00754EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Code-Projects Gym Management System 注入漏洞

Code-Projects Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Gym Management System has a vulnerability related to SQL injection, which arises from incorrect handling of parameters in the file admin/editexercises.php,...

5.8CVSS5.8AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36485

Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description The server authentication token is accepted via a GET parameter in the app/Http/Controllers/Server/UniProxyController.php file. This causes the token to be exposed in URLs, such as the endpoint...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.5 views

PT-2026-36297

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description An issue exists in the '/ajax.php?action=save customer' endpoint where manipulation of the ID argument allows for SQL injection, a technique used to interfere with the...

7.5CVSS7AI score0.00259EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36302

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.6 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...

7.5CVSS7.2AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.12 views

Apex LiveBOS 路径遍历漏洞

Apex LiveBOS is a rapid development tool developed by the Chinese company Apex. Versions of Apex LiveBOS 2.0 and earlier had a path traversal vulnerability. This vulnerability stemmed from unknown functions in the Endpoint component file/feed/UploadImage.do, which allowed manipulation of the...

7.5CVSS7AI score0.00418EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.5 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.4 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

5.9AI score0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/01 12:0 a.m.5 views

EUVD-2025-209607

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS5.9AI score0.00354EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36294

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279 B20210910. This affects the function sub 41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now publ...

9CVSS7.1AI score0.01485EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.30 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

0.00354EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

Solutions VoIP GSVoIP web panel 跨站脚本漏洞

Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly cleaned user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...

6.1CVSS5.8AI score0.00354EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/01 12:0 a.m.5 views

EUVD-2026-26668

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Coding Standards MCP Server 路径遍历漏洞

Coding Standards MCP Server is a coding specifications and best practices query tool for gerve individual developers. A path traversal vulnerability exists in Coding Standards MCP Server, which stems from a misbehavior of the getstyleguide/getbestpractices function with the parameter Language in...

6.9CVSS6AI score0.00449EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36261

Name of the Vulnerable Software and Affected Versions Fujian Apex LiveBOS versions prior to 2.1 Description A path traversal issue exists in the Endpoint component. A remote attacker can manipulate the filename argument in the '/feed/UploadImage.do' endpoint to access or overwrite files outside t...

7.5CVSS7.2AI score0.00418EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

Mix PHP SQL注入漏洞

Mix PHP is Mix PHP open source a PHP command-line mode development framework , support for multi-server ecological seamless switching . A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the data array parameter of th...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.7 views

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is itsourcecode open source a courier management system. itsourcecode Courier Management System 1.0 version of an injection vulnerability , the vulnerability stems from the file /editstaff.php in the unknown function of the parameter ID improper operation ,...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

MCP Asset Generation Server 路径遍历漏洞

MCP Asset Generation Server is a multi-type asset generation server for game development by the individual developer Suyog Sonwalkar. A path traversal vulnerability exists in MCP Asset Generation Server version 0.1.0, which stems from improper manipulation of the parameter statusFile in the...

7.5CVSS7AI score0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 10:45 p.m.4 views

EUVD-2026-26456

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

6.5CVSS5.2AI score0.00233EPSS
Exploits0References4
Rows per page
Query Builder