105521 matches found
CVE-2026-36761
A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...
EUVD-2026-26394
A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...
JeeSite 路径遍历漏洞
JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Version JeeSite 5.15.1 contains a path traversal vulnerability, which stems from issues with the fileMd5 parameter in the /a/file/upload endpoint. This vulnerability could allow authenticated attackers with file...
Tenda 4G300 缓冲区错误漏洞
The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the function sub427C3C within the file/goform/SafeMacFilte...
PT-2026-36034
A vulnerability was detected in Tenda 4G300 US 4G300V1.0Mt V1.01.42 CN TDC01. This impacts the function sub 425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...
Bootstrap CMS 注入漏洞
Bootstrap CMS is an open-source content management system based on PHP. The Bootstrap CMS 0.9.0-alpha version has a vulnerability due to an unknown function in the Page Creation Handler component file resources/views/pages/show.blade.php, which allows for code injection when manipulating the body...
EUVD-2026-26393
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...
CVE-2026-36762
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...
JeeSite 跨站脚本漏洞
JeeSite is a Java rapid development platform open-sourced by Zhuo Yuan thinkgem in Jinan, China. Version JeeSite 5.15.1 contains a cross-site scripting vulnerability. This vulnerability stems from a storage-type cross-site scripting present in the /msg/msgInner/save endpoint, which may allow...
CVE-2026-36763
A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...
Tenda 4G300 注入漏洞
The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version has a vulnerability related to injection attacks. This vulnerability stems from the operation of the parameter delflag in the function sub425A28 within the...
CVE-2026-7420
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...
GHSA-JFGF-83C5-2C4M i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...
CVE-2026-7410
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2026-7419 UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...
EUVD-2026-26297
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...
Exploit for OS Command Injection in Kubeai
CVE-2026-34940 — OS Command Injection in KubeAI via Model URL...
EUVD-2026-26292
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the row:search and row:get operations in the SeaTable node when user-controlled input is passed through expressions into the searchTerm or rowId parameters. An attacker can access...
CVE-2026-7295
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...