CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/01 3:15 a.m.•2 views

CVE-2026-5253

A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...

Exploits0References4Affected Software1

Vulnrichment•added 2026/04/01 3:15 a.m.•1 views

CVE-2026-5253 bufanyun HotGo editNotice Endpoint MessageList.vue cross site scripting

CVE•added 2026/04/01 3:15 a.m.•13 views

CVE-2026-5253

CVE-2026-5253 affects bufanyun HotGo 1.0/2.0. Affected is an unknown functionality in /web/src/layout/components/Header/MessageList.vue of the editNotice endpoint. The issue allows remote cross-site scripting via a manipulation of that component; the exploit is publicly available. Attack requires...

ATTACKERKB•added 2026/04/01 3:15 a.m.•8 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00273EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/01 2:30 a.m.•30 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

6.5CVSS0.00242EPSS

ATTACKERKB•added 2026/04/01 2:30 a.m.•2 views

CVE-2026-5251

6.5CVSS6.4AI score0.00242EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/04/01 1:30 a.m.•1 views

CVE-2026-5249

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00195EPSS

Vulnrichment•added 2026/04/01 1:30 a.m.•1 views

CVE-2026-5249 gougucms Record Endpoint record.html cross site scripting

5.1CVSS4.4AI score0.00195EPSS

EUVD•added 2026/04/01 12:31 a.m.•4 views

EUVD-2026-17733

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

7.5CVSS6.8AI score0.00259EPSS

Exploits0References6

EUVD•added 2026/04/01 12:31 a.m.•9 views

EUVD-2026-17688

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

9CVSS7.5AI score0.00715EPSS

Exploits1References6

NVD•added 2026/04/01 12:16 a.m.•6 views

CVE-2026-5238

7.5CVSS0.00259EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•7 views

PT-2026-29639

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.26 Description A flaw exists in Nothings stb, specifically within the TTF File Handler component, impacting the stbtt InitFont internal function in the stb truetype.h library. A manipulation of the function can le...

8.8CVSS5.6AI score0.00664EPSS

Exploits1References12

Positive Technologies•added 2026/04/01 12:0 a.m.•3 views

PT-2026-29471

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now...

5.3CVSS4.4AI score0.0027EPSS

Exploits1References6

Positive Technologies•added 2026/04/01 12:0 a.m.•6 views

PT-2026-29481

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

6.5CVSS5.5AI score0.00201EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•10 views

PT-2026-29483

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

7.5CVSS5.6AI score0.00385EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•4 views

PT-2026-29477

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function get file of the file iopaint/file manager/file manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. Th...

7.5CVSS5.5AI score0.00624EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•4 views

PT-2026-29448