Lucene search
K

105519 matches found

CNNVD
CNNVD
added 2026/05/01 12:0 a.m.6 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...

7.5CVSS7.2AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.12 views

Apex LiveBOS 路径遍历漏洞

Apex LiveBOS is a rapid development tool developed by the Chinese company Apex. Versions of Apex LiveBOS 2.0 and earlier had a path traversal vulnerability. This vulnerability stemmed from unknown functions in the Endpoint component file/feed/UploadImage.do, which allowed manipulation of the...

7.5CVSS7AI score0.00418EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.5 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36294

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279 B20210910. This affects the function sub 41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now publ...

9CVSS7.1AI score0.01485EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.30 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

0.00354EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

Solutions VoIP GSVoIP web panel 跨站脚本漏洞

Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly cleaned user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...

6.1CVSS5.8AI score0.00354EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/01 12:0 a.m.5 views

EUVD-2026-26668

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Coding Standards MCP Server 路径遍历漏洞

Coding Standards MCP Server is a coding specifications and best practices query tool for gerve individual developers. A path traversal vulnerability exists in Coding Standards MCP Server, which stems from a misbehavior of the getstyleguide/getbestpractices function with the parameter Language in...

6.9CVSS6AI score0.00449EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/01 12:0 a.m.6 views

EUVD-2025-209607

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS5.9AI score0.00354EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.4 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

5.9AI score0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/30 10:45 p.m.4 views

EUVD-2026-26456

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

6.5CVSS5.2AI score0.00233EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/30 10:30 p.m.2 views

CVE-2026-7506 SourceCodester Hotel Management System check sql injection

A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument roomtype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the...

7.5CVSS6.9AI score0.0026EPSS
Exploits0References5
CVE
CVE
added 2026/04/30 10:30 p.m.13 views

CVE-2026-7506

SourceCodester Hotel Management System 1.0 contains an SQL injection in /index.php/reservation/check via the room_type parameter. The issue allows remote exploitation with a PROOF-OF-CONCEPT exploit and may impact confidentiality, integrity, and availability to a low/partial level per CVSS metric...

7.5CVSS7.3AI score0.0026EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:45 p.m.4 views

CVE-2026-7503

A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cstemodules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be...

9CVSS5.9AI score0.00447EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 8:59 p.m.15 views

ps_checkout allows unauthorized method invocation through unvalidated parameter

Impact Unvalidated parameter can lead to some unauthorized method invocation with very little possibilities. Patches The problem has been patched in versions - v5.3.0 for PrestaShop 1.7 build number: 7.5.3.0 - v5.3.0 for PrestaShop 8 build number: 8.5.3.0 - v5.3.0 for PrestaShop 9 build number:...

5.2AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/30 6:16 p.m.5 views

CVE-2026-36761

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 6:16 p.m.6 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/04/30 5:16 p.m.6 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/30 4:8 p.m.30 views

CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/30 2:29 p.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the filename parameter passed to editfiles function via click.edit. This function invokes a subprocess with shell=True that can be injected into by including double-quoted strings in a malicious filename. An attack...

7.5CVSS5.8AI score0.0081EPSS
Exploits1References2
Rows per page
Query Builder