Lucene search
K

105524 matches found

NVD
NVD
added 2026/05/11 4:17 p.m.21 views

CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS0.00236EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/11 4:11 p.m.7 views

SQL Injection

Overview studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to SQL Injection in the elFinderVolumeMySQL process when handling the target parameter. An attacker can access unauthorized data or cause...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 3:54 p.m.5 views

GHSA-492V-C6PP-MQQV Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected conte...

8.1CVSS5.8AI score0.00449EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2026/05/11 3:54 p.m.27 views

Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected conte...

8.1CVSS5.8AI score0.00449EPSS
Exploits2References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/11 1:48 p.m.10 views

CVE-2022-50943

A flaw was found in Moodle LMS. An unauthenticated attacker can exploit a cross-site scripting XSS vulnerability by submitting malicious payloads through the search parameter. This allows the attacker to inject JavaScript code, leading to the execution of arbitrary scripts in users' browsers and...

6.1CVSS5.8AI score0.00331EPSS
Exploits1References2
NVD
NVD
added 2026/05/11 4:16 a.m.24 views

CVE-2026-8265

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

7.2CVSS0.04412EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/11 3:31 a.m.15 views

EUVD-2026-29015

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

7.2CVSS5.5AI score0.04447EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/11 2:21 a.m.13 views

CVE-2025-65134

In manikandan580 School-management-system 1.0, a reflected cross-site scripting XSS vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter...

6.1CVSS5.6AI score0.00181EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 1:0 a.m.45 views

CVE-2026-8259 Tenda AC6 httpd telnet os command injection

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS0.04447EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:0 a.m.10 views

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.5AI score0.04447EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/05/11 1:0 a.m.26 views

CVE-2026-8259

CVE-2026-8259 affects Tenda AC6 firmware version 2.0/15.03.06.23, where an unknown function in the HTTPD component’s /goform/telnet endpoint mishandles the lan.ip parameter, leading to an OS command injection. This allows remote exploitation with high impact on confidentiality, integrity, and ava...

7.2CVSS5.5AI score0.04447EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.32 views

CVE-2026-36962

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

0.00363EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.22 views

PT-2026-39564

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get log file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The explo...

5.8CVSS5.6AI score0.04412EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

jotty·page 路径遍历漏洞

Jotty·Page is a self-hosted inventory and note management application developed by fccview. Versions of Jotty·Page prior to 1.22.0 contained a path traversal vulnerability. This vulnerability stems from unauthorized path traversal in the /api/appIcons/filename route, which could lead to file...

8.2CVSS5.8AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

exiftool-vendored 参数注入漏洞

exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the “-stayopen True -” mode, where strings...

8.2CVSS5.8AI score0.00485EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39552

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.5AI score0.04447EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

4.3CVSS5.7AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WeGIA 跨站脚本漏洞

WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the idprocesso parameter being directly embedded in HTML without proper cleaning, which could lead to...

6.1CVSS5.6AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version Tenda AC6 2.0/15.03.06.23 contains a command injection vulnerability. This vulnerability stems from an unknown function in the httpd component’s file/goform/telnet, which manipulates the parameter lan.ip, potentiall...

7.2CVSS5.8AI score0.04447EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.67 views

📄 Car Rental Script 4.0 Cross Site Scripting

Car Rental Script version 4.0 suffers from a cross site scripting vulnerability. Titles: Car-Rental-Script4.0-XSS-Reflected Cross-site scripting reflected Author: nu11secur1ty Date: 05/08/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference:...

5.3AI score
Exploits0
Rows per page
Query Builder