Lucene search
K

615 matches found

EUVD
EUVD
added 2026/03/30 3:32 p.m.2 views

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

ON24 Q&A Chat 安全漏洞

ON24 Q&A Chat is an online interactive Q&A and chat component developed by ON24 Inc. There is a security vulnerability in ON24 Q&A Chat. This vulnerability stems from the console-survey/api/v1/answer/EVENTID/TIMESTAMP/ endpoint, which allows unauthorized access through bypassing user-controlled...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.6 views

PT-2026-29024

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A vulnerability exists that allows authorization bypass through a user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References4
NVD
NVD
added 2026/03/29 1:17 p.m.4 views

CVE-2026-32973

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

9.8CVSS0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.22 views

CVE-2026-32973 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

9.8CVSS0.00406EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.4 views

CVE-2026-4973

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 9:31 p.m.6 views

EUVD-2026-16807

A vulnerability was detected in SourceCodester Online Quiz System hasta 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS4.5AI score0.00239EPSS
Exploits0References6
NVD
NVD
added 2026/03/27 8:16 p.m.3 views

CVE-2026-4973

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS0.00239EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/27 7:52 p.m.2 views

CVE-2026-4973 SourceCodester Online Quiz System add-question.php cross site scripting

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:52 p.m.3 views

CVE-2026-4973

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:52 p.m.27 views

CVE-2026-4973 SourceCodester Online Quiz System add-question.php cross site scripting

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS0.00239EPSS
Exploits0References5
CVE
CVE
added 2026/03/27 7:52 p.m.9 views

CVE-2026-4973

SourceCodester Online Quiz System hasta 1.0 contains a cross-site scripting (XSS) vulnerability in an unknown functionality of endpoint/add-question.php. By manipulating the quiz_question argument, an attacker can trigger XSS, with remote access possible and the exploit publicly available. The pr...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28698

Name of the Vulnerable Software and Affected Versions SourceCodester Online Quiz System version 1.0 Description A flaw exists in SourceCodester Online Quiz System that allows for cross site scripting. This issue is related to the manipulation of the quiz question argument within the...

5.1CVSS4.7AI score0.00239EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-2412

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 4:49 p.m.6 views

WordPress Quiz and Survey Master (QSM) plugin <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'mergedquestion' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Quiz And Survey Master versions = 10.3.5...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 10:25 p.m.1 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 10:25 p.m.34 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.10 views

PT-2026-27249

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'merged question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize text field function...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/19 9:49 p.m.3 views

CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

9.5CVSS6AI score0.01211EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 9:49 p.m.10 views

EUVD-2026-13247

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

9.5CVSS5.9AI score0.01211EPSS
Exploits0References3
Rows per page
Query Builder