Lucene search
K

7055 matches found

Talos
Talos
added 2026/05/07 12:0 a.m.10 views

Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_disconnect OS command injection vulnerability

Talos Vulnerability Report TALOS-2025-2307 Tp-Link Archer AX53 v1.0 Openvpn configuration restore clientdisconnect OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore clientdisconnect...

8.5CVSS7.5AI score0.0116EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

CodeAstro Membership Management System 代码问题漏洞

The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CODEASTRO Membership Management System has code-related vulnerabilities. These vulnerabilities stem from the file upload functionality in the /addmembers.php file. Improper...

6.5CVSS6.1AI score0.00255EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/06 10:38 a.m.10 views

WordPress Blog Settings plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Blog Settings versions = 1.0...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/06 10:38 a.m.10 views

WordPress Zingaya Click-to-Call plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Zingaya Click-to-Call versions = 1.0...

6.1CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/05 3:31 a.m.13 views

EUVD-2026-27209

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/05/05 2:26 a.m.15 views

CVE-2026-6704

CVE-2026-6704 affects the WordPress WordPress Blog Settings plugin. It is vulnerable to a reflected Cross-Site Scripting attack via the 'page' parameter in all versions up to 1.0 due to insufficient input sanitization and output escaping. The weakness allows unauthenticated attackers to craft a l...

6.1CVSS6AI score0.00211EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS6AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.37 views

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS0.00219EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to parameter handling in the file/printpdets.php, which may lead to SQL injection attacks...

6.5CVSS6.7AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

WordPress plugin Zingaya Click-to-Call 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.7AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36957

Name of the Vulnerable Software and Affected Versions Zingaya Click-to-Call versions prior to 1.1 Description Insufficient input sanitization and output escaping in the sign-up admin page allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the 'email', 'first name',...

6.1CVSS6AI score0.00219EPSS
Exploits0References12
GithubExploit
GithubExploit
added 2026/05/04 2:48 p.m.48 views

CVE

CVE-PENDING: Bdtask Multi-Store Inventory Management System 1...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/04 8:0 a.m.7 views

CVE-2026-7746

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /productexpiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/04 4:30 a.m.25 views

CVE-2026-7732

CVE-2026-7732 affects code-projects BloodBank Managing System 1.0. The vulnerable element is an unknown function in request_blood.php, allowing an unrestricted upload. The attack can be executed remotely and the exploit is public. No remediation details are provided in the supplied documents.

6.5CVSS6.4AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/studentdetails that allows for SQL injection attacks wh...

6.5CVSS6.7AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from unknown functions in the file/OnlineClassroom/addnewstudent that manipulate the parameter fname, allowi...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 10:15 p.m.21 views

CVE-2026-7670

Jinher OA 1.0 is affected by CVE-2026-7670 due to a SQL injection in the unknown function of /C6/JHSoft.Web.PlanSummarize/UserSel.aspx via the DeptIDList argument. Exploit maturity is shown as PROOF-OF-CONCEPT, and exploitation is possible remotely with no user interaction. The vulnerability has ...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/02 10:0 a.m.46 views

CVE-2026-7612 itsourcecode Courier Management System edit_user.php sql injection

A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...

5.8CVSS0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /edituser.php file when...

5.8CVSS5.8AI score0.00206EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/01 3:16 p.m.7 views

CVE-2026-43505

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder