Lucene search
K

21 matches found

Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.14 views

PT-2026-51255

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description Command injection is possible via the POST Request Handler component. A remote attacker can exploit this by manipulating the interface argument within the stainfo function of the '/goform/stainfo'...

6.5CVSS6.7AI score0.01182EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/06/01 3:30 a.m.11 views

CVE-2026-10220 NousResearch hermes-agent skills_tool.py skill_view injection

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
NVD
NVD
added 2026/05/26 4:16 a.m.18 views

CVE-2026-9523

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

7.5CVSS0.0033EPSS
Exploits0References4
NVD
NVD
added 2026/05/03 10:16 a.m.13 views

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.5 views

CVE-2026-5183

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

6.5CVSS6.3AI score0.05126EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-3675

A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been...

5.3CVSS5.4AI score0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 11:32 p.m.6 views

CVE-2026-3269 psi-probe PSI Probe Session ExpireSessionsController.java handleRequestInternal denial of service

A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial o...

5.3CVSS5.5AI score0.00561EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/08 1:2 a.m.9 views

EUVD-2026-5825

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

6.5CVSS6.3AI score0.00267EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/22 1:2 p.m.5 views

CVE-2026-1325 Sangfor Operation and Maintenance Security Management System edit_pwd_mall password recovery

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

6.9CVSS5.3AI score0.00523EPSS
Exploits1References4
OSV
OSV
added 2026/01/11 5:15 a.m.4 views

CVE-2026-0837

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor...

8.8CVSS6.4AI score0.03409EPSS
Exploits1References4
NVD
NVD
added 2025/11/14 8:15 p.m.4 views

CVE-2025-13179

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...

6.5CVSS0.00193EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31481

Malicious code in bioql PyPI...

10CVSS9.5AI score0.006EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-27506

Malicious code in bioql PyPI...

9.1CVSS5.6AI score0.01017EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/13 4:32 p.m.1 views

CVE-2025-10369 MiczFlor RPi-Jukebox-RFID cardRegisterNew.php cross site scripting

A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized...

5.1CVSS3.6AI score0.00276EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35131

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-X26 version 1.2.8 Description: A security issue has been identified in LB-LINK BL-X26 version 1.2.8 related to the HTTP Handler component. Manipulation of the mac argument in the /goform/set blacklist file can lead to os command...

6.5CVSS6.2AI score0.06729EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/08/20 12:53 p.m.2 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1CVSS7AI score0.0018EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/26 7:32 p.m.13 views

CVE-2025-5128

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the...

7.5CVSS7.2AI score0.00495EPSS
Exploits1References1
OSV
OSV
added 2025/03/31 5:15 a.m.4 views

CVE-2025-2976

A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

5.4CVSS3.7AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2024/03/27 2:15 p.m.3 views

CVE-2024-2979

A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely...

8.8CVSS6.4AI score0.01669EPSS
Exploits1References4
OSV
OSV
added 2024/03/16 8:15 p.m.4 views

CVE-2024-2528

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument roomid leads to sql injection. It is possible to initiate the attack...

8.8CVSS5.7AI score0.00514EPSS
Exploits0References3
Rows per page
Query Builder