Lucene search
K

278 matches found

EUVD
EUVD
added 2026/04/15 6:31 p.m.6 views

EUVD-2026-22953

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

4.7CVSS5.8AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 4:11 p.m.4 views

CVE-2026-20060 Cisco Unity Connection Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

4.7CVSS5.8AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 9:30 p.m.6 views

EUVD-2026-22041

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References3
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.56 views

Pachno 1.0.6 Stored Cross-Site Scripting

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

7.2CVSS6.1AI score0.00161EPSS
Exploits1
EUVD
EUVD
added 2026/04/08 9:33 p.m.13 views

EUVD-2025-209353

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

6.2AI score0.00599EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.3 views

CVE-2025-50661

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

6.1AI score0.00605EPSS
Exploits0References3
NVD
NVD
added 2026/04/06 1:16 a.m.9 views

CVE-2026-5607

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

6.5CVSS0.00268EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/05 1:8 a.m.11 views

Command Injection

Overview code-screenshot-mcp is a MCP server for generating beautiful code screenshots directly from Claude Affected versions of this package are vulnerable to Command Injection through request parameters. An attacker can execute arbitrary operating system commands by sending specially crafted HT...

6.5CVSS6.1AI score0.01455EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.9 views

WordPress plugin Contact Form by Supsystic 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS6.3AI score0.41475EPSS
Exploits8References5
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.9 views

CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters...

10CVSS7.4AI score0.03459EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/26 6:8 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the save.json.php process. An attacker can access and exfiltrate confidential AI-generated metadata and...

5.3CVSS5.9AI score0.00214EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 8:27 p.m.15 views

CVE-2026-33304

OpenEMR prior to 8.0.0.2 suffers an authorization bypass in the dated reminders log. Any authenticated non-admin user can view reminder messages belonging to other users, including patient names and free-text content, by crafting a GET request with arbitrary user IDs in the sentTo[] or sentBy[] p...

6.5CVSS5.9AI score0.00312EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

WordPress plugin Instant Popup Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS6.1AI score0.00278EPSS
Exploits0References6
Veracode
Veracode
added 2026/03/18 5:48 p.m.8 views

Cross-site Scripting (XSS)

phpPgAdmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and encoding of user-supplied input from $REQUEST parameters across multiple components, which allows an attacker to inject and execute arbitrary JavaScript in users’ browsers...

6.1CVSS6.1AI score0.00203EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:49 p.m.6 views

CVE-2026-26196

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and accesstoken, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2...

6.9CVSS5.8AI score0.00254EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/02 2:47 p.m.6 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7CVSS6AI score0.00708EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/02 2:47 p.m.5 views

EUVD-2025-208157

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7CVSS6AI score0.00708EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/27 9:52 p.m.24 views

CVE-2026-28411 WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

9.8CVSS0.00593EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

PuneethReddyHC Event Management 安全漏洞

PuneethReddyHCP Event Management is an application developed by Puneeth Reddy H C as a personal developer. It helps users register for events held during university festivals in a simple and secure manner. Version 1.0 of PuneethReddyHCP Event Management contains a security vulnerability. This...

5.4CVSS5.6AI score0.00189EPSS
Exploits0References1
Veracode
Veracode
added 2026/01/21 9:42 a.m.8 views

SQL Injection

Parsl is vulnerable to SQL Injection.The vulnerability is due to unsafe construction of SQL queries using user-supplied URL parameters without proper sanitization, which allows an unauthenticated attacker to inject arbitrary SQL commands and potentially exfiltrate data or cause a denial of servic...

7.3CVSS6AI score0.00235EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder