105519 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. | 7 views

PT-2026-35923

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

AI score: 5.2 | EPSS: 0.01127
Exploits: 0 | References: 1
EUVD
added 2026/04/29 12:0 a.m. | 5 views

EUVD-2025-209589

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the user information parameter...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00185
Exploits: 3 | References: 2
EUVD
added 2026/04/29 12:0 a.m. | 6 views

EUVD-2026-26232

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

AI score: 6.2 | EPSS: 0.00426
Exploits: 0 | References: 2
CNNVD
added 2026/04/29 12:0 a.m. | 7 views

UTT HiPER 1250GW buffer error vulnerability

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...

CVSS: 9 | AI score: 7.8 | EPSS: 0.00544
Exploits: 0 | References: 1
Packet Storm News
added 2026/04/29 12:0 a.m. | 7 views

FreeBSD Security Advisory - FreeBSD-SA-26:14.pf

FreeBSD Security Advisory - Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00432
Exploits: 0
CNNVD
added 2026/04/29 12:0 a.m. | 10 views

CDAC e-Sushrut security vulnerability

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that handles hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the use of reversible Base64 encoding to protect sensitive data. It...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00226
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 9 views

Mail MCP Bridge path traversal vulnerability

Mail MCP Bridge is a messaging analysis tool developed by Fatbobman Dongpo Zhouzi, which connects macOS email messages with AI. Versions of Mail MCP Bridge 1.3.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of the parameter messageids in the fil...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00429
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 7 views

UTT HiPER 1250GW buffer error vulnerability

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation in the function strcpy within the file route/goform/ConfigAdvideo, where th...

CVSS: 9 | AI score: 7.8 | EPSS: 0.00463
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 10 views

SourceCodester Pharmacy Sales and Inventory System cross-site scripting vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...

CVSS: 5.1 | AI score: 5.6 | EPSS: 0.00195
Exploits: 0 | References: 1
CVE
added 2026/04/29 12:0 a.m. | 11 views

CVE-2025-56537

CVE-2025-56537 affects OpenNebula v6.10.0.1; the stored XSS occurs via a crafted payload injected into the virtual network template parameter. The issue is fixed in OpenNebula 7.0. An attacker can trigger the stored XSS through the vulnerable web UI (Sunstone) under network template in...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00185
Exploits: 3 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/29 12:0 a.m. | 10 views

SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site scripting vulnerability

SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.0032
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 8 views

TOTOLINK N200RE command injection vulnerability

The TOTOLINK N200RE is a router produced by TOTOLINK, a Chinese electronics company. The TOTOLINK N200RE V5 has a command injection vulnerability in the formMapDelDevice function, via the macstr and bandstr parameters...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01127
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/29 12:0 a.m. | 3 views

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

AI score: 6.2 | EPSS: 0.00426
Exploits: 0 | References: 3
Cvelist
added 2026/04/29 12:0 a.m. | 30 views

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

EPSS: 0.00267
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 7 views

xhs-mcp code issue vulnerability

xhs-mcp is an open-source tool developed by Algovate for automated publication and content management of REDnote. Version xhs-mcp 0.8.11 contains a code vulnerability. This vulnerability arises from the mediapaths parameter operation in the xhspublishcontent function within the...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00361
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 7 views

PT-2026-35942

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the zone attribute parameter...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00185
Exploits: 2 | References: 3
EUVD
added 2026/04/29 12:0 a.m. | 7 views

EUVD-2026-26231

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

CVSS: 9.8 | AI score: 5.2 | EPSS: 0.01127
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 8 views

SourceCodester Pizzafy Ecommerce System injection vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter pid being manipulated in the file admin/ajax.php?action=addtocart...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00192
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/29 12:0 a.m. | 5 views

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00267
Exploits: 0 | References: 2
CNNVD
added 2026/04/29 12:0 a.m. | 10 views

BioinfoMCP path traversal vulnerability

BioinfoMCP is a bioinformatics AI platform developed by Florensiawidjaja. It serves to connect command-line tools with intelligent workflows. BioinfoMCP has a path traversal vulnerability, which stems from improper handling of the parameter Name in the Upload function located in the file...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0041
Exploits: 0 | References: 1