
105528 matches found

RedhatCVE
added 2026/04/28 1:22 a.m. | 6 views

CVE-2026-7057

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...

CVSS 9 | AI score 5.8 | EPSS 0.00632
Exploits: 1 | References: 1

NVD
added 2026/04/28 12:16 a.m. | 3 views

CVE-2026-7196

A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...

CVSS 6.5 | EPSS 0.00201
Exploits: 0 | References: 5

CNNVD
added 2026/04/28 12:0 a.m. | 11 views

TOTOLINK N300RT Buffer Error Vulnerability

The TOTOLINK N300RT is a wireless router from TOTOLINK Corporation that complies with the 802.11n standard. The version 3.4.0-B20250430 of the Totolink N300RT has a buffer error vulnerability. This vulnerability stems from a buffer overflow in the entryname parameter of the /boafrm/formIpQoS file...

CVSS 8.6 | AI score 7.3 | EPSS 0.00589
Exploits: 0 | References: 2

CNNVD
added 2026/04/28 12:0 a.m. | 9 views

SourceCodester Safety Anger Pad Cross-Site Scripting Vulnerability

SourceCodester Safety Anger Pad is an open-source security warning software developed by SourceCodester. Version 1.0 of SourceCodester Safety Anger Pad contains a cross-site scripting vulnerability. This vulnerability stems from the angerDisplay parameter, which has cross-site scripting...

CVSS 5.3 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/28 12:0 a.m. | 4 views

CVE-2026-37750

A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...

AI score 5.8 | EPSS 0.0037
Exploits: 1 | References: 3

CNNVD
added 2026/04/28 12:0 a.m. | 9 views

SourceCodester Pharmacy Sales and Inventory System Cross-Site Scripting Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...

CVSS 5.3 | AI score 5.6 | EPSS 0.0028
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 8 views

MCP Research Server Path Traversal Vulnerability

MCP Research Server is a server for searching and extracting research papers, developed by Elie Schoppik. Version 0.1.0 of MCP Research Server has a path traversal vulnerability. This vulnerability stems from the topic parameter used in the searchpapers function within the researchserver.py file,...

CVSS 5.9 | AI score 6.3 | EPSS 0.00185
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 10 views

Claude Agent SDK Master Path Traversal Vulnerability

Claude Agent SDK Master is a progressive learning tutorial for Claude Agent SDK developed by Erlich. Claude Agent SDK Master has a path traversal vulnerability; this vulnerability stems from the outputFile parameter in the app/api/agent-output/route.ts file, which allows for path traversal,...

CVSS 6.9 | AI score 6.1 | EPSS 0.0046
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 7 views

SourceCodester Pizzafy Ecommerce System Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/28 12:0 a.m. | 4 views

PT-2026-35709

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVSS 6.5 | AI score 6.4 | EPSS 0.00241
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:0 a.m. | 5 views

PT-2026-35819

A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...

AI score 5.7 | EPSS 0.0037
Exploits: 1 | References: 4

CNNVD
added 2026/04/28 12:0 a.m. | 10 views

SourceCodester Pizzafy Ecommerce System Cross-Site Scripting Vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a cross-site scripting vulnerability. This vulnerability arises from the saveorder function in the file...

CVSS 4.8 | AI score 5.6 | EPSS 0.00202
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 10 views

Code-Projects Coaching Management System Injection Vulnerability

The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System has a SQL injection vulnerability. This vulnerability stems from the complaintreply parameter in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00233
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 9 views

MCP-GMX-VMD Injection Vulnerability

MCP-GMX-VMD is an integrated tool for molecular dynamics simulation and visualization developed by EgT’s individual developers. Versions of MCP-GMX-VMD 0.1.0 and earlier contained an injection vulnerability. This vulnerability stemmed from incorrect handling of parameters such as structurefile and...

CVSS 7.5 | AI score 7.1 | EPSS 0.01338
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/28 12:0 a.m. | 12 views

PT-2026-35683

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

CVSS 5.8 | AI score 5.1 | EPSS 0.00228
Exploits: 0 | References: 6

CNNVD
added 2026/04/28 12:0 a.m. | 7 views

SourceCodester Pharmacy Sales and Inventory System Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability stems from the operation o...

CVSS 5.8 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/28 12:0 a.m. | 5 views

PT-2026-35690

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

CVSS 10 | AI score 8.1 | EPSS 0.02448
Exploits: 0 | References: 6

CNNVD
added 2026/04/28 12:0 a.m. | 9 views

Papers MCP Server Path Traversal Vulnerability

Papers MCP Server is a scholarly paper management and MCP protocol service tool developed by Byron Duarte. There is a path traversal vulnerability in Papers MCP Server. This vulnerability stems from the incorrect handling of the topic parameter in the searchpapers function in the src/main.py file...

CVSS 7.5 | AI score 7.1 | EPSS 0.00429
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 8 views

JeecgBoot Injection Vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...

CVSS 6.5 | AI score 6.7 | EPSS 0.00204
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 11 views

SourceCodester Pizzafy Ecommerce System Injection Vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the e-mail parameter in the Login function of the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 1