Lucene search
+L

219 matches found

nuclei
nuclei
added 9 hours ago45 views

Sangfor OSM - Arbitrary File Upload

Sangfor Operation and Maintenance Management System = 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the "File" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges. id:...

9.8CVSS7AI score0.01907EPSS
Exploits1References2
vulncheck_kev
vulncheck_kev
added 2026/03/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-15503

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is...

9.8CVSS5.3AI score0.01907EPSS
In wildExploits1References15
redhatcve
redhatcve
added 2026/01/27 3:20 a.m.10 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

9.8CVSS6.3AI score0.02801EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/27 3:19 a.m.14 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS6.8AI score0.03946EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/27 3:19 a.m.12 views

CVE-2026-1414

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

9.8CVSS6.4AI score0.04451EPSS
Exploits1References1
osv
osv
added 2026/01/26 3:15 a.m.7 views

CVE-2026-1414

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

9.8CVSS5.7AI score0.04451EPSS
Exploits1References4
nvd
nvd
added 2026/01/26 3:15 a.m.10 views

CVE-2026-1414

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

9.8CVSS0.04451EPSS
Exploits1References4
nvd
nvd
added 2026/01/26 2:15 a.m.8 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

9.8CVSS0.02801EPSS
Exploits0References4
osv
osv
added 2026/01/26 2:15 a.m.4 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

9.8CVSS5.7AI score0.02801EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/01/26 2:2 a.m.5 views

CVE-2026-1414

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

6.5CVSS5.6AI score0.04451EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/01/26 2:2 a.m.5 views

CVE-2026-1414 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

6.5CVSS5.6AI score0.04451EPSS
Exploits1References4
euvd
euvd
added 2026/01/26 2:2 a.m.8 views

EUVD-2026-4688

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

6.5CVSS5.6AI score0.04451EPSS
Exploits1References4
cve
cve
added 2026/01/26 2:2 a.m.19 views

CVE-2026-1414

CVE-2026-1414 affects Sangfor Operation and Maintenance Security Management System (up to version 3.0.12). The vulnerability resides in the HTTP POST Request Handler for /equipment/get_Information, where tampering with the fortEquipmentIp argument can trigger a command injection. The issue can be...

9.8CVSS6.5AI score0.04451EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/01/26 2:2 a.m.38 views

CVE-2026-1414 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

6.5CVSS0.04451EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/01/26 1:32 a.m.5 views

CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4
euvd
euvd
added 2026/01/26 1:32 a.m.6 views

EUVD-2026-4687

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/01/26 1:32 a.m.6 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS5.6AI score0.02801EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/01/26 1:32 a.m.17 views

CVE-2026-1413

Sangfor Operation and Maintenance Security Management System up to 3.0.12 contains a command injection in the HTTP POST Request Handler’s portValidate function, located in /fort/ip_and_port/port_validate. An attacker can remotely manipulate the port argument to execute arbitrary commands. Multipl...

9.8CVSS5.5AI score0.02801EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/01/26 1:32 a.m.43 views

CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

6.5CVSS0.02801EPSS
Exploits0References4
osv
osv
added 2026/01/26 1:15 a.m.5 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS5.6AI score0.03946EPSS
Exploits1References4
Rows per page
Query Builder