Lucene search
K

41189 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40057

A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-13551

CVE-2026-13551 affects itsourcecode Baptism Information Management System 1.0. The vulnerability is an SQL injection in the /editBaptism.php handler caused by manipulation of the ID parameter. It is exploitable remotely (no authentication required per the description) with the exploit publicly di...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40055

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-13550

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40051

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotel...

6.4CVSS5.8AI score0.00293EPSS
Exploits0References6
CVE
CVE
added 2 days ago10 views

CVE-2026-13549

CodeAstro Complaint Management System 1.0 has a vulnerability in the Report Endpoint, specifically the deletereport function in application/controllers/Report.php. The manipulation of this function results in authorization bypass and can be exploited remotely; evidence indicates the exploit is pu...

6.4CVSS5.8AI score0.00293EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-13549 CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotel...

6.4CVSS0.00293EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-13547

Vulnerability: CVE-2026-13547 affects Hanwang e-Face General Management Platform 6.3.5.4. The issue arises in processing the file parameter during /manage/resourceUpload/upload.do, where manipulation of the File argument can lead to unrestricted file upload. This can be exploited remotely, and pu...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-13547 Hanwang e-Face General Management Platform upload.do unrestricted upload

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS0.00278EPSS
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-13544

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS0.00214EPSS
Exploits0References8
NVD
NVD
added 2 days ago6 views

CVE-2026-13539

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1V240425. The impacted element is the function sub407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guestssid leads to stack-based buffer overflow. The attack can be execut...

9CVSS0.00466EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS5.5AI score0.00383EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-13546 Feehi CMS REST API Endpoint articles missing authentication

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS0.00383EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40045

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...

9CVSS7AI score0.01562EPSS
Exploits1References6
CVE
CVE
added 2 days ago7 views

CVE-2026-13545

CVE-2026-13545 affects D-Link DCS-935L 1.10.01. The vulnerability is in the function sub_400E40 of setconf.cgi (POST Parameter Handler); manipulating the UID argument enables an OS command injection. The attack can be launched remotely, and the exploit has been disclosed publicly. CVSS metrics in...

9CVSS7AI score0.01562EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-13545 D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...

9CVSS0.01562EPSS
Exploits1References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-13544 Feehi CMS API users access control

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS0.00214EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-13543

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to...

6.3CVSS5.6AI score0.00364EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-13543 Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to...

6.3CVSS0.00364EPSS
Exploits0References7
NVD
NVD
added 2 days ago5 views

CVE-2026-13536

A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...

5.3CVSS0.00284EPSS
Exploits0References5
Rows per page
Query Builder