Lucene search
K

41204 matches found

Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.1 views

CVE-2026-5102 Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

6.5CVSS5.7AI score0.02164EPSS
Exploits1References5
Zero Day Initiative
Zero Day Initiative
added 2026/03/30 12:0 a.m.4 views

(Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the quroutertoken parameter provided to the...

5.6CVSS5.5AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.2 views

CVE-2026-30560

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

6AI score0.00252EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29111

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.7 views

PT-2026-28760

A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.2AI score0.00191EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.3 views

PT-2026-29101

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

7.5CVSS6.8AI score0.00326EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29113

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A buffer overflow exists in the formCreateFileName function located in the file /goform/createFileName. Manipulation of the fileNameMit argument can trigger a stack-based buffer overflow, potentially...

9CVSS7.6AI score0.0073EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.3 views

PT-2026-29144

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust id leads to cross site scripting. The attack may be performed from remote. The exploit...

5.3CVSS4.3AI score0.00337EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29143

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A flaw exists in Tenda CH22 version 1.0.0.1 within the Parameter Handler component. Specifically, the fromAdvSetWan function in the /goform/AdvSetWan file is susceptible to a stack-based buffer overflow...

9CVSS7.7AI score0.00773EPSS
Exploits1References8
NVD
NVD
added 2026/03/29 11:16 p.m.4 views

CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

8.8CVSS0.02179EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.3 views

CVE-2026-5013

A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used...

6.9CVSS5.5AI score0.00591EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.4 views

CVE-2026-5015

A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS4.3AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.4 views

CVE-2026-5014

A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...

6.9CVSS5.4AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.3 views

CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS6.4AI score0.00687EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.5 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS5.8AI score0.00345EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/29 11:0 p.m.4 views

CVE-2026-5101 Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

6.5CVSS5.7AI score0.02179EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.3 views

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.5 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.6 views

CVE-2026-5001

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

7.5CVSS5.5AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/29 3:30 p.m.5 views

EUVD-2026-17031

A vulnerability was detected in Tenda FH1201 1.2.0.14408. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out...

9CVSS7.8AI score0.00655EPSS
Exploits1References6
Rows per page
Query Builder