Cvelist
added 2026/04/29 8:22 a.m.

CVE-2026-42515 Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating a parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

CVSS 7.1, EPSS 0.00226
Exploits 0, References 1
ATTACKERKB
added 2026/04/29 8:22 a.m.

CVE-2026-42515

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating a parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

CVSS 7.1, AI score 5.3, EPSS 0.00226
Exploits 0, References 2
RedhatCVE
added 2026/04/29 1:44 a.m.

CVE-2026-37750

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via the unsanitized type parameter in register.php...

CVSS 6.1, AI score 5.7, EPSS 0.0037
Exploits 1, References 1
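
The reflected XSS entries on this page (the register.php type parameter above, and the OpenNebula and Pharmacy entries further down) share one precondition: a request parameter comes back in the response with its HTML-significant characters intact. The following added example, written here and not taken from any of those projects, shows the canary test a scanner or a tester uses to confirm that precondition, against a hypothetical page that echoes a type parameter into an attribute, first unencoded and then with output encoding applied. The page markup, function names and the canary value are all assumptions for illustration.

```python
import html
from urllib.parse import parse_qs, urlencode


def _type_param(query_string: str) -> str:
    """Pull the 'type' value out of a raw query string, as a PHP $_GET['type'] lookup would."""
    return parse_qs(query_string, keep_blank_values=True).get("type", [""])[0]


def render_register_vulnerable(query_string: str) -> str:
    """Hypothetical register page that echoes the parameter straight into an attribute."""
    return f'<input type="hidden" name="type" value="{_type_param(query_string)}">'


def render_register_fixed(query_string: str) -> str:
    """Same page with HTML attribute encoding applied at output time."""
    safe = html.escape(_type_param(query_string), quote=True)
    return f'<input type="hidden" name="type" value="{safe}">'


# Canary containing every character needed to break out of a quoted HTML attribute.
CANARY = 'zx7q"\'<>'


def reflects_unencoded(render, param: str = "type") -> bool:
    """Scanner-style check: send the canary and see whether it comes back byte for byte.

    True means the page reflects the parameter without encoding the characters an
    attacker needs, which is the precondition for reflected XSS; it is not yet proof.
    """
    body = render(urlencode({param: CANARY}))
    return CANARY in body


def breakout_succeeds(render) -> bool:
    """Confirm the canary finding with a constructed attribute break-out payload."""
    payload = '"><script>alert(1)</script>'
    return "<script>" in render(urlencode({"type": payload}))


if __name__ == "__main__":
    for name, page in (("vulnerable", render_register_vulnerable), ("fixed", render_register_fixed)):
        print(name, "reflects unencoded:", reflects_unencoded(page), "break-out:", breakout_succeeds(page))
```

The canary is deliberately not a working payload: it is cheap to send against every parameter, and only hits are followed up with a real break-out string for the context the reflection lands in (attribute, text node, script block).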
Positive Technologies
added 2026/04/29 12:00 a.m.

PT-2026-35983

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information...

CVSS 8.8, AI score 5.7, EPSS 0.00323
Exploits 0, References 4
ATTACKERKB
added 2026/04/29 12:00 a.m.

CVE-2025-56535

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

CVSS 6.1, AI score 5.3, EPSS 0.00185
Exploits 2, References 3
Positive Technologies
added 2026/04/29 12:00 a.m.

PT-2026-35994

VideoFlow Digital Video Protection (DVP) 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download xml.pl,...

CVSS 7.1, AI score 5.2, EPSS 0.00596
Exploits 0, References 4
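
A download handler that takes a file identifier from the request, as described in the DVP entry above, has to decide where the file may live before opening it. The added example below is not VideoFlow's code; it shows the check that survives the usual bypasses (../ sequences, absolute paths, symlinks planted inside the download directory, NUL truncation) by comparing fully resolved paths rather than inspecting the raw string. The directory layout, file names and the safe_resolve helper are constructed for the example.

```python
import tempfile
from pathlib import Path
from typing import Optional


def safe_resolve(base_dir, requested_id: str) -> Optional[Path]:
    """Map a user-supplied file identifier to a file that must live under base_dir.

    Returns the resolved path, or None when the request must be refused. The test is
    made on the fully resolved path (symlinks and '..' collapsed), not on the raw
    string, so '..', absolute paths and escaping symlinks all fail one comparison.
    """
    base = Path(base_dir).resolve()
    if not requested_id or "\x00" in requested_id:
        return None                       # empty or NUL-truncated names are never valid
    candidate = (base / requested_id).resolve()
    # pathlib lets an absolute requested_id replace base entirely; the parent check catches it.
    if candidate == base or base not in candidate.parents:
        return None
    if not candidate.is_file():
        return None
    return candidate


def run_demo() -> dict:
    """Build a constructed directory tree in a temp dir and exercise the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "downloads"
        (base / "reports").mkdir(parents=True)
        (base / "reports" / "r1.xml").write_text("<report/>")          # legitimate download
        (root / "secret.conf").write_text("db_password=constructed")  # lives outside base
        (base / "link").symlink_to(root / "secret.conf")               # symlink escaping base
        return {
            "normal": safe_resolve(base, "reports/r1.xml") is not None,
            "dotdot": safe_resolve(base, "../secret.conf") is None,
            "absolute": safe_resolve(base, str(root / "secret.conf")) is None,
            "symlink": safe_resolve(base, "link") is None,
            "nul": safe_resolve(base, "reports/r1.xml\x00") is None,
        }


if __name__ == "__main__":
    print(run_demo())
```

Decoding must happen before this check, once: a framework that hands the handler an already URL-decoded value is fine, while a second unquote() inside the handler would reopen double-encoded ..%252f variants.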
CVE
added 2026/04/29 12:00 a.m.

CVE-2026-36841

CVE-2026-36841 affects TOTOLINK N200RE V5. The root cause is a command injection in the formMapDelDevice function exploited via the macstr and bandstr parameters. This leads to arbitrary command execution with high impact on confidentiality, integrity, and availability (per CVSS 3.1 metrics: AV:N...

CVSS 9.8, AI score 5.2, EPSS 0.01127
Exploits 0, References 1
Positive Technologies
added 2026/04/29 12:00 a.m.

PT-2026-35954

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

CVSS 5.1, AI score 3.6, EPSS 0.00195
Exploits 0, References 6
Cvelist
added 2026/04/29 12:00 a.m.

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

EPSS 0.01127
Exploits 0, References 1
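
Both CVE-2026-36841 entries above describe the same pattern: request parameters (macstr, bandstr) reaching a command line that a shell interprets. The TOTOLINK firmware itself is native code and its real command is not on this page, so the added example below demonstrates the class in Python rather than reproducing the device's handler: a shell-string version that an attacker value breaks out of, next to a version that allow-lists both parameters and passes them as separate argv entries with no shell. The regex, the band list, the use of echo as a stand-in tool and the INJECTED marker are assumptions.

```python
import re
import subprocess

# Constructed validation rules for the two parameters the advisory names.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")
BANDS = {"2.4G", "5G"}

# 'echo' stands in for whatever device tool the firmware really invokes (not known here).
TOOL = "echo"


def run_vulnerable(macstr: str, bandstr: str) -> str:
    """Request parameters pasted into a shell command line: the system()-style pattern."""
    cmd = f"{TOOL} del {macstr} {bandstr}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_fixed(macstr: str, bandstr: str) -> str:
    """Allow-list the inputs, then pass them as discrete argv entries with no shell."""
    if not MAC_RE.fullmatch(macstr):
        raise ValueError("macstr is not a MAC address")
    if bandstr not in BANDS:
        raise ValueError("bandstr is not a known band")
    return subprocess.run([TOOL, "del", macstr, bandstr], capture_output=True, text=True).stdout


def fixed_rejects(macstr: str, bandstr: str) -> bool:
    """True when the hardened path refuses the pair instead of running anything."""
    try:
        run_fixed(macstr, bandstr)
    except ValueError:
        return True
    return False


# Constructed attacker value: a valid-looking MAC followed by a second shell command.
INJECTED_MAC = "00:11:22:33:44:55; echo INJECTED"

if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(INJECTED_MAC, "2.4G")))
    print("fixed rejects:", fixed_rejects(INJECTED_MAC, "2.4G"))
    print("fixed ok:", repr(run_fixed("00:11:22:33:44:55", "2.4G")))
```

The argv form is the real fix; the allow-list is defence in depth. Quoting or escaping the value for the shell is the fragile alternative, since every shell dialect on embedded devices escapes differently.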
Positive Technologies
added 2026/04/29 12:00 a.m.

PT-2026-35883

Name of the Vulnerable Software and Affected Versions: e-Sushrut (affected versions not specified). Description: Improper access control in resource access validation allows an authenticated attacker to gain unauthorized access to sensitive patient information by manipulating parameters in the API...

CVSS 7.1, AI score 5.2, EPSS 0.00226
Exploits 0, References 4
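
The three e-Sushrut entries on this page (the two CVE-2026-42515 listings near the top and PT-2026-35883 just above) all reduce to the same missing step: the API confirms that the caller is logged in but never confirms that the caller may read the particular patient record named in the URL. The added example below is a hypothetical record lookup written for this page, not e-Sushrut's code, showing that authenticated-only handler beside one that performs object-level authorization. The Patient and User types, the role model and the sample records are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Patient:
    patient_id: int
    name: str
    diagnosis: str


@dataclass(frozen=True)
class User:
    user_id: int
    role: str                                   # "patient" or "clinician"
    own_patient_id: Optional[int] = None        # patients: the one record they own
    panel: FrozenSet[int] = frozenset()         # clinicians: patient ids they may read


# Constructed records; no real patient data.
PATIENTS: Dict[int, Patient] = {
    1001: Patient(1001, "Patient A", "constructed diagnosis A"),
    1002: Patient(1002, "Patient B", "constructed diagnosis B"),
}


class AccessDenied(Exception):
    pass


def get_patient_vulnerable(session_user: Optional[User], patient_id: int) -> Patient:
    """Authenticated but not authorized: any logged-in user reads any id it names."""
    if session_user is None:
        raise AccessDenied("login required")
    return PATIENTS[patient_id]


def is_authorized(user: User, patient_id: int) -> bool:
    """Object-level authorization: tie the record to the caller, not just to a session."""
    if user.role == "patient":
        return user.own_patient_id == patient_id
    if user.role == "clinician":
        return patient_id in user.panel
    return False


def get_patient_fixed(session_user: Optional[User], patient_id: int) -> Patient:
    if session_user is None:
        raise AccessDenied("login required")
    record = PATIENTS.get(patient_id)
    # Missing and forbidden collapse to one answer so the id space cannot be enumerated.
    if record is None or not is_authorized(session_user, patient_id):
        raise AccessDenied("no such record")
    return record


def can_read(handler, user: Optional[User], patient_id: int) -> bool:
    """True when handler returns a record, False when it refuses."""
    try:
        handler(user, patient_id)
        return True
    except (AccessDenied, KeyError):
        return False


# Constructed accounts used to walk the IDOR: a patient who owns 1001, a clinician with 1002 on panel.
PATIENT_A = User(1, "patient", own_patient_id=1001)
DOCTOR_B = User(2, "clinician", panel=frozenset({1002}))

if __name__ == "__main__":
    print("vulnerable, patient A reads 1002:", can_read(get_patient_vulnerable, PATIENT_A, 1002))
    print("fixed, patient A reads 1002:", can_read(get_patient_fixed, PATIENT_A, 1002))
```

The check belongs in the data-access layer, so that every endpoint returning a patient record goes through it; an authorization check sprinkled per endpoint is how the one forgotten route becomes the IDOR.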
CVE
added 2026/04/29 12:00 a.m.

CVE-2026-36837

CVE-2026-36837 affects TOTOLINK A3002RU V3

CVSS 7.5, AI score 5.7, EPSS 0.00267
Exploits 0, References 1
CNNVD
added 2026/04/29 12:00 a.m.

EyouCMS injection vulnerability

EyouCMS is an open-source content management system (CMS) developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have a vulnerability related to injection attacks. This vulnerability arises from improper handling of the sortasc parameter in the GetSortData...

CVSS 7.5, AI score 7.2, EPSS 0.00259
Exploits 0, References 1
CNNVD
added 2026/04/29 12:00 a.m.

XATABoost CMS SQL injection vulnerability

XATABoost CMS is a content management system from XATABoost that provides website content publishing and management functions. A SQL injection vulnerability exists in XATABoost CMS version 1.0.0. The vulnerability stems from the application's failure to validate externally supplied input before it is used in a SQL statement...

CVSS 8.8, AI score 5.9, EPSS 0.00323
Exploits 0, References 1
Vulnrichment
added 2026/04/29 12:00 a.m.

CVE-2025-56535

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

AI score 5.3, EPSS 0.00185
Exploits 2, References 2
Positive Technologies
added 2026/04/29 12:00 a.m.

PT-2026-35943

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

CVSS 6.1, AI score 5.2, EPSS 0.00185
Exploits 3, References 3
Packet Storm
added 2026/04/29 12:00 a.m.

Pizzafy Ecommerce System 1.0 SQL Injection

The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...

CVSS 5.8, AI score 5.3, EPSS 0.00244
Exploits 1
CNNVD
added 2026/04/29 12:00 a.m.

SourceCodester Pharmacy Sales and Inventory System injection vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from improper...

CVSS 6.5, AI score 6.6, EPSS 0.00192
Exploits 0, References 1
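
The SQL injection entries on this page (XATABoost's news.php id parameter, Pizzafy's admin/vieworder.php id parameter, and the Pharmacy Sales and Inventory System entry above) all involve a numeric identifier concatenated into a query. The added example below is written for this page and is not code from any of those PHP applications; it uses an in-memory SQLite database to show the union-based extraction the XATABoost entry describes against a concatenating lookup, and the same payload failing against a lookup that coerces the type and binds the value. The schema, rows and payload are constructed.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory schema with constructed rows; the users table is the attacker's target."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE news(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO news VALUES (1, 'Welcome', 'constructed article body');
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value');
        """
    )
    return conn


def fetch_news_vulnerable(conn: sqlite3.Connection, raw_id: str) -> List[Tuple]:
    """Request value concatenated into the statement; the database parses it as SQL."""
    return conn.execute(f"SELECT title, body FROM news WHERE id = {raw_id}").fetchall()


def fetch_news_fixed(conn: sqlite3.Connection, raw_id: str) -> List[Tuple]:
    """Coerce to the expected type, then bind; the value can never become SQL syntax."""
    try:
        news_id = int(raw_id)
    except ValueError:
        return []
    return conn.execute("SELECT title, body FROM news WHERE id = ?", (news_id,)).fetchall()


# Constructed union-based payload: the column count matches the original SELECT, and the
# leading 0 matches no news row, so the response carries only the attacker's rows.
UNION_PAYLOAD = "0 UNION SELECT username, password_hash FROM users"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", fetch_news_vulnerable(db, UNION_PAYLOAD))
    print("fixed:", fetch_news_fixed(db, UNION_PAYLOAD))
```

The int() coercion is what makes the string-typed id harmless even before binding; for free-text parameters there is no such coercion, and the bound parameter alone carries the fix.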
Positive Technologies
added 2026/04/29 12:00 a.m.

PT-2026-35976

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...

CVSS 8.8, AI score 6.4, EPSS 0.00343
Exploits 0, References 4
CVE
added 2026/04/29 12:00 a.m.

CVE-2026-38992

CVE-2026-38992 affects Cockpit up to v2.13.5. The vulnerability exists in the filter parameter used across multiple endpoints, enabling arbitrary code execution via the MongoLite $func operator and allowing an attacker to run system commands on the underlying infrastructure. Affected component: C...

CVSS 9.8, AI score 6.2, EPSS 0.00426
Exploits 0, References 2
CNNVD
added 2026/04/29 12:00 a.m.

UTT HiPER 1250GW buffer error vulnerability

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contain a buffer overflow vulnerability. It stems from an operation in the function strcopy within the file route/goform/NTP, where the Profile...

CVSS 9.0, AI score 7.8, EPSS 0.00563
Exploits 0, References 1