Lucene search
K

105500 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

ELECOM WAB 代码问题漏洞

ELECOM WAB is a series of wireless access points produced by the ELECOM company in Japan. ELECOM WAB has a code vulnerability that stems from the lack of checking whether the language parameter has an appropriate value. This vulnerability may cause administrator pages to be displayed incorrectly ...

5.1CVSS6.2AI score0.00207EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.75 views

📄 Event Booking Calendar 5.0 Cross Site Scripting

Event Booking Calendar version 5.0 suffers from a cross site scripting vulnerability. Titles: Event Booking Calendar-5.0 Cross-site scripting reflected Author: nu11secur1ty Date: 5/13/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/ Reference:...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40605

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00275EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.4 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00275EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 12:0 a.m.21 views

CVE-2025-29338

CVE-2025-29338 affects the NXP moal.ko Wi‑Fi kernel driver (driver version 5.1.7.10) across firmware builds from v17.92.1.p149.43 to v17.92.1.p149.157. The root cause is a stack‑based buffer overflow in the parsing path: woal_setup_module_param allocates a fixed stack buffer and parse_cfg_get_lin...

5.6CVSS6AI score0.00183EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40630

Name of the Vulnerable Software and Affected Versions NXP moal.ko versions prior to 5.1.7.10 Description A stack buffer overflow exists in the wireless kernel module. The issue occurs within the woal init module param function via the mod para parameter. Recommendations Update to version 5.1.7.10...

5.6CVSS6AI score0.00183EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.35 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.34 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

0.00183EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40604

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40616

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP...

6.8CVSS6AI score0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

6AI score0.00183EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

CubeCart SQL注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a SQL injection vulnerability. This vulnerability occurred because the administrator’s order transaction list page constructed the original ORDER BY SQL fragment from the $GETsort array,...

4.9CVSS5.9AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/05/13 12:0 a.m.16 views

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

HDWPlayer Joomla com_hdwplayer SQL注入漏洞

HDWPlayer Joomla comhdwplayer is a Joomla video player component developed by HDWPlayer Inc. Version 4.2 of HDWPlayer Joomla comhdwplayer contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue in the search.php file. It may allow unauthenticated attackers to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.7 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

6AI score0.00183EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.37 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.11 views

CVE-2026-37428

The CVE-2026-37428 entry concerns qihang-wms with a SQL injection via the datascope parameter in SysDeptMapper.xml. The root cause is a vulnerable query construction in that mapper; impact per sources is potential exposure of sensitive data, including users’ PII. The connected documents confirm t...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.6 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References2
Rows per page
Query Builder