Lucene search
+L

1414 matches found

euvd
euvd
added 2026/05/29 1:13 p.m.14 views

EUVD-2026-33309

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...

5.7CVSS5.7AI score0.0011EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.11 views

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. Versions 2.9.8, 2.9.10, and 2.9.11 of Suprema BioStar contain...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.22 views

PT-2026-44797

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/28 1:12 p.m.9 views

CVE-2026-8980 Privilege Escalation

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00331EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.16 views

PT-2026-44378

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00331EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.12 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from SMF failing to include the necessary inbound OAuth2 middleware when mounting UPI management routing groups. Th...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References4
nvd
nvd
added 2026/05/25 3:16 p.m.18 views

CVE-2018-25381

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filtertypeid, filterpidid, and filtersearch parameters in POST reques...

7.1CVSS0.00284EPSS
Exploits0References4
cve
cve
added 2026/05/25 2:15 p.m.22 views

CVE-2018-25381

Joomla Responsive Portfolio 1.6.1 is affected by an SQL injection via POST parameters filter_type_id, filter_pid_id, and filter_search. The vulnerability allows authenticated attackers to execute arbitrary SQL commands and potentially extract credentials and server details. Reported CVSS v4.0/bas...

7.1CVSS6.1AI score0.00284EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/25 2:15 p.m.25 views

CVE-2018-25380 Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filtertypeid, filterpidid, and filtersearch parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL...

7.1CVSS0.00284EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/23 6:30 p.m.13 views

CVE-2018-25351

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS6.2AI score0.00358EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/05/23 12:0 a.m.10 views

UserSpice 安全漏洞

UserSpice is an open-source PHP framework for user management and identity authentication. Version 4.3.24 of UserSpice contains a security vulnerability that stems from username enumeration. This vulnerability could allow unauthenticated attackers to discover valid usernames by sending POST...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References2
osv
osv
added 2026/05/22 3:0 p.m.9 views

MAL-2026-4627 Malicious code in onboardconnect-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c17efe362ab4daf81f1ee7efe462a256ba325562a255906102d10d4a9ee87e5 The package's dist/setup.js script performs an HTTPS POST to https://oc-worker-tenant-api.wpolanco.workers.dev carrying values read from process.env,...

5.8AI score
Exploits0References9
osv
osv
added 2026/05/22 7:48 a.m.11 views

MAL-2026-4387 Malicious code in @euqns/nudge-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...

5.8AI score
Exploits0References4
ossf
ossf
added 2026/05/19 11:53 p.m.12 views

Malicious code in lokal-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04df34ff182a72a46dc032016ed38e0caf7452ac3b8d382bb15221706c01a9e8 index.js contains a hardcoded URL https://rettfrabonden.com referenced alongside process.env reads and fetch POST calls index.js line 24 defines the...

5.8AI score
Exploits0References1
cnnvd
cnnvd
added 2026/05/19 12:0 a.m.9 views

CtrlPanel.gg 访问控制错误漏洞

CtrlPanel.gg is an open-source host service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a security vulnerability related to access control. This vulnerability arose from multiple administrator controllers performing permission checks on...

8.1CVSS5.8AI score0.00297EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/18 12:0 a.m.12 views

NOVUS Automation AirGate 4G firmware 安全漏洞

NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...

9.1CVSS5.8AI score0.0024EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25333

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/05/17 12:11 p.m.17 views

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/16 3:26 p.m.46 views

CVE-2021-47975 WordPress Plugin WP Learn Manager 1.1.2 Stored XSS

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...

7.2CVSS0.00214EPSS
Exploits0References4
euvd
euvd
added 2026/05/15 6:36 p.m.12 views

EUVD-2021-34822

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References4
Rows per page
Query Builder