Lucene search
K

7052 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Collectric CMU SQL注入漏洞

The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.15 views

SourceCodester Student Grades Management System 授权问题漏洞

SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System version 1.0 has an authorization issue vulnerability , the vulnerability stems from the operation of the parameter studentid in the fi...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from manipulation of the parameter ID in the file /empproject.php, and could lead to...

5.3CVSS5.3AI score0.00263EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.15 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability stems from...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/19 12:3 p.m.8 views

WordPress Sentence To SEO (keywords, description and tags) plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Sentence To SEO keywords, description and tags versions = 1.0...

6.1CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

WordPress plugin WP with Spritz 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.7CVSS5.9AI score0.00403EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/13 5:54 p.m.16 views

CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

9.8CVSS5.8AI score0.00515EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained environmental issues. These issues stemmed...

9.8CVSS6.9AI score0.00515EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.8 views

CVE-2026-4920 Next Date <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/11 7:3 p.m.7 views

WordPress Bootstrap Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Bootstrap Shortcode versions = 1.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/09 3:31 a.m.11 views

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

8.6CVSS5.8AI score0.00353EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.13 views

SourceCodester Comment System 注入漏洞

The SourceCodester Comment System is an open-source comment system developed by SourceCodester. Version 1.0 of the SourceCodester Comment System has a vulnerability caused by SQL injection due to the parameter manipulation in the file postcomment.php. This vulnerability could be exploited through...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter 'page' in the file 'admin/index.php', whi...

5.3CVSS5.7AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

SourceCodester Pharmacy Sales and Inventory System 跨站脚本漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
Talos
Talos
added 2026/05/07 12:0 a.m.10 views

Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_disconnect OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2307 Tp-Link Archer AX53 v1.0 Openvpn configuration restore clientdisconnect OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore clientdisconnect...

8.5CVSS7.5AI score0.0116EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Code-Projects Feedback System 注入漏洞

Code-Projects Feedback System is an open-source feedback system developed by Code-Projects. Version 1.0 of the Code-Projects Feedback System has a injection vulnerability; this vulnerability stems from the handling of the parameter 'email' in the file 'admin/checklogin.php', which may lead to SQL...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 12:0 a.m.7 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

CodeAstro Membership Management System 代码问题漏洞

The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CODEASTRO Membership Management System has code-related vulnerabilities. These vulnerabilities stem from the file upload functionality in the /addmembers.php file. Improper...

6.5CVSS6.1AI score0.00255EPSS
Exploits0References1
Rows per page
Query Builder