Lucene search
K

41223 matches found

Cvelist
Cvelist
added 2026/03/27 7:52 p.m.23 views

CVE-2026-4975 Tenda AC15 POST Request setcfm formSetCfm memory corruption

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

9CVSS0.00632EPSS
Exploits1References5
CVE
CVE
added 2026/03/27 7:52 p.m.5 views

CVE-2026-4975

The CVE-2026-4975 entry affects the Tenda AC15 device (firmware 15.03.05.19). It targets the POST handler at /goform/setcfm, specifically the formSetCfm function, where manipulating the funcpara1 argument causes a stack-based buffer overflow. Impact is defined as high for confidentiality, integri...

9CVSS7.9AI score0.00632EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:52 p.m.2 views

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS6.5AI score0.00632EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:52 p.m.22 views

CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS0.00632EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:52 p.m.3 views

CVE-2026-4973

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 7:52 p.m.2 views

CVE-2026-4973 SourceCodester Online Quiz System add-question.php cross site scripting

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/27 7:52 p.m.26 views

CVE-2026-4973 SourceCodester Online Quiz System add-question.php cross site scripting

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...

5.1CVSS0.00239EPSS
Exploits0References5
CVE
CVE
added 2026/03/27 7:52 p.m.9 views

CVE-2026-4973

SourceCodester Online Quiz System hasta 1.0 contains a cross-site scripting (XSS) vulnerability in an unknown functionality of endpoint/add-question.php. By manipulating the quiz_question argument, an attacker can trigger XSS, with remote access possible and the exploit publicly available. The pr...

5.1CVSS4.4AI score0.00239EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/27 7:15 p.m.2 views

CVE-2026-4971 SourceCodester Note Taking App cross-site request forgery

A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks...

5.3CVSS5.5AI score0.00155EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/27 6:31 p.m.7 views

EUVD-2026-16727

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...

6.5CVSS6.3AI score0.00327EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/27 6:31 p.m.5 views

EUVD-2026-16738

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/27 6:31 p.m.6 views

EUVD-2026-16736

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...

7.5CVSS5.6AI score0.00604EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/27 6:24 p.m.30 views

CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file deletephotos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:24 p.m.2 views

CVE-2026-4970

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file deletephotos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 6:24 p.m.2 views

CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file deletephotos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 6:16 p.m.3 views

CVE-2026-4966

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

6.5CVSS0.0025EPSS
Exploits0References5
CVE
CVE
added 2026/03/27 5:41 p.m.9 views

CVE-2026-4968

The CVE-2026-4968 entry describes a cross-site request forgery in SourceCodester Diary App 1.0, targeting an unknown function in diary.php. A remote attacker could exploit this CSRF if a user interacts with a malicious page; the exploit has been publicly disclosed. The available documents do not ...

5.3CVSS5.4AI score0.00194EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 5:41 p.m.2 views

CVE-2026-4968

A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

5.3CVSS5.4AI score0.00194EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/27 5:41 p.m.13 views

CVE-2026-4966

CVE-2026-4966 affects itsourcecode Free Hotel Reservation System 1.0. The vulnerability is in the file /admin/mod_room/index.php?view=edit where manipulating the ID parameter enables SQL injection. It can be exploited remotely, and public exploits have been published. Various sources confirm the ...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/27 5:41 p.m.27 views

CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...

7.5CVSS0.00604EPSS
Exploits1References4
Rows per page
Query Builder