Lucene search
K

6414 matches found

Nuclei
Nuclei
added yesterday61 views

Dzzoffice 2.02.1 - Cross-Site Scripting

Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...

6.1CVSS6.5AI score0.00596EPSS
Exploits1References2
NVD
NVD
added yesterday6 views

CVE-2026-15672

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2 days ago5 views

CVE-2026-15598

The CVE affects antv layout 2.0.0, specifically the setNestedValue function in lib/util/object.js. A manipulation of the argument path can lead to prototype pollution, allowing remote modification of object prototype attributes. The advisory notes the attack can be launched remotely, with low att...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43294

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References8
NVD
NVD
added 2 days ago4 views

CVE-2026-15538

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS0.00256EPSS
Exploits0References7
Nuclei
Nuclei
added 2 days ago184 views

SAP Solution Manager 7.2 - Remote Command Execution

SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...

10CVSS7.3AI score0.98376EPSS
Exploits7References7
Nuclei
Nuclei
added 2 days ago25 views

Grandstream UCM6200 - SQL Injection

Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...

10CVSS7.1AI score0.83926EPSS
Exploits8References2
NVD
NVD
added 2 days ago9 views

CVE-2026-15553

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download...

6.9CVSS0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43262

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-43250

A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43217

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43202

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS6.4AI score0.00463EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57528

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.12B01 Description A buffer overflow can be triggered remotely within the ssi component. The issue resides in the sub 41EC14 function located in the /goform/tools nslookup file. A buffer overflow occurs when a...

9CVSS7.3AI score0.00463EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42757

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42660

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...

6.9CVSS6AI score0.00488EPSS
Exploits0References6
NVD
NVD
added 6 days ago9 views

CVE-2026-15186

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42477

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6AI score0.00225EPSS
Exploits0References3
CVE
CVE
added 6 days ago17 views

CVE-2026-51926

The vulnerability (CVE-2026-51926) affects docuForm FSM Client v11.11c. The login.php authentication mechanism enables user enumeration: an attacker can distinguish valid from invalid usernames by differences in server responses, enabling identification of existing accounts. This information coul...

7.5CVSS6AI score0.0036EPSS
Exploits0References2
EUVD
EUVD
added last week5 views

EUVD-2026-42238

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
CVE
CVE
added last week10 views

CVE-2026-15033

Technical details (affected product/version, root cause, exploit details, or remediation) are not publicly provided in the supplied documents; monitor for updates.

6.5CVSS6.3AI score0.01067EPSS
Exploits0References6
Rows per page
Query Builder