Lucene search
K

105521 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/29 12:0 a.m.5 views

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

7.5CVSS5.7AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

BioinfoMCP 路径遍历漏洞

BioinfoMCP is an bioinformatics AI platform developed by Florensiawidjaja. It serves to connect command-line tools with intelligent workflows. BioinfoMCP has a path traversal vulnerability, which stems from improper handling of the parameter Name in the Upload function located in the file...

7.5CVSS7.1AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. Versions of TOTOLINK A3002RU such as V3.0.0-B20220304.1804 and earlier contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the hostname parameter within the...

7.5CVSS6.1AI score0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 12:0 a.m.2 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

5.2AI score0.01127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 12:0 a.m.3 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

5.2AI score0.01127EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 12:0 a.m.5 views

EUVD-2026-26230

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

7.5CVSS5.7AI score0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 12:0 a.m.7 views

CVE-2025-56536

A stored cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

6.1CVSS5.3AI score0.00185EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.9 views

PT-2026-35922

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU V3 versions prior to V3.0.0-B20220304.1804 Description A stack-based buffer overflow exists in the formMapDelDevice function. This issue occurs via the hostname parameter. A stack-based buffer overflow is a condition where a...

7.5CVSS6.1AI score0.00267EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

MCP Research Assistant 路径遍历漏洞

MCP Research Assistant is a scholarly paper search and analysis tool developed by ezequiroga. MCP Research Assistant has a path traversal vulnerability, which stems from improper handling of the topic parameter in the searchpapers function within the researchserver.py file. This improper handling...

7.5CVSS7.1AI score0.00418EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 12:0 a.m.5 views

CVE-2025-56536

A stored cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

5.2AI score0.00185EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/04/29 12:0 a.m.3 views

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

6.2AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.4 views

PT-2026-35924

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

6.2AI score0.00426EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 12:0 a.m.31 views

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

0.00426EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 12:0 a.m.4 views

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

5.7AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.12 views

PT-2026-36016

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description Remote SQL injection is possible via the manipulation of the pid argument in the '/admin/ajax.php?action=add to cart' endpoint. SQL injection is a type of flaw that allows an...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/28 10:43 p.m.10 views

CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

8.7CVSS5.5AI score0.00672EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 10:39 p.m.13 views

FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field

Summary The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...

5.3CVSS5.2AI score0.0033EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/28 10:39 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass through improper validation of the nick parameter in the user update process. An attacker can modify immutable account identifiers by intercepting and altering POST requests, potentially sabotaging audit trails,...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2026/04/28 10:16 p.m.4 views

CVE-2026-7318

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...

5.9CVSS0.00185EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 10:16 p.m.7 views

CVE-2026-7305

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

6.5CVSS0.00209EPSS
Exploits0References6
Rows per page
Query Builder