Lucene search
K

105521 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36761

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26394

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.7 views

JeeSite 路径遍历漏洞

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Version JeeSite 5.15.1 contains a path traversal vulnerability, which stems from issues with the fileMd5 parameter in the /a/file/upload endpoint. This vulnerability could allow authenticated attackers with file...

9.6CVSS5.9AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.8 views

Tenda 4G300 缓冲区错误漏洞

The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the function sub427C3C within the file/goform/SafeMacFilte...

9CVSS7.7AI score0.00516EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36034

A vulnerability was detected in Tenda 4G300 US 4G300V1.0Mt V1.01.42 CN TDC01. This impacts the function sub 425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score0.01314EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

Bootstrap CMS 注入漏洞

Bootstrap CMS is an open-source content management system based on PHP. The Bootstrap CMS 0.9.0-alpha version has a vulnerability due to an unknown function in the Page Creation Handler component file resources/views/pages/show.blade.php, which allows for code injection when manipulating the body...

6.5CVSS6.6AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26393

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...

9.6CVSS5.6AI score0.00383EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.28 views

CVE-2026-36762

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...

0.00435EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

JeeSite 跨站脚本漏洞

JeeSite is a Java rapid development platform open-sourced by Zhuo Yuan thinkgem in Jinan, China. Version JeeSite 5.15.1 contains a cross-site scripting vulnerability. This vulnerability stems from a storage-type cross-site scripting present in the /msg/msgInner/save endpoint, which may allow...

6.1CVSS5.9AI score0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.8 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.3AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

Tenda 4G300 注入漏洞

The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version has a vulnerability related to injection attacks. This vulnerability stems from the operation of the parameter delflag in the function sub425A28 within the...

6.5CVSS6.6AI score0.01314EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 11:16 p.m.7 views

CVE-2026-7420

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...

9CVSS0.00463EPSS
Exploits0References4
OSV
OSV
added 2026/04/29 10:26 p.m.4 views

GHSA-JFGF-83C5-2C4M i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...

8.2CVSS5.9AI score0.00387EPSS
Exploits0References4
NVD
NVD
added 2026/04/29 10:16 p.m.9 views

CVE-2026-7410

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

6.5CVSS0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/29 10:15 p.m.31 views

CVE-2026-7419 UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

9CVSS0.00544EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/29 10:15 p.m.9 views

EUVD-2026-26297

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

9CVSS8.5AI score0.00544EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/29 9:16 p.m.71 views

Exploit for OS Command Injection in Kubeai

CVE-2026-34940 — OS Command Injection in KubeAI via Model URL...

8.8CVSS5.6AI score0.00448EPSS
Exploits3
EUVD
EUVD
added 2026/04/29 9:15 p.m.7 views

EUVD-2026-26292

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/29 9:10 p.m.4 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the row:search and row:get operations in the SeaTable node when user-controlled input is passed through expressions into the searchTerm or rowId parameters. An attacker can access...

8.8CVSS5.9AI score0.00342EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.7 views

CVE-2026-7295

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

4.8CVSS3.1AI score0.00206EPSS
Exploits0References1
Rows per page
Query Builder