Lucene search

15 matches found

Veracode
added 2026/03/17 7:51 p.m. · 6 views

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...

8.8 CVSS · 6.1 AI score · 0.00323 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2026/01/13 1:14 a.m. · 27 views

CVE-2026-0504 Insufficient Input Handling in JNDI Operations of SAP Identity Management

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...

3.8 CVSS · 0.00171 EPSS
Exploits 0 · References 2

GithubExploit
added 2025/11/02 1:56 p.m. · 173 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287 ⚠ This tool is created solely for education...

9.8 CVSS · 8.6 AI score · 0.99962 EPSS
Exploits 24

CVE
added 2025/10/14 12:15 p.m. · 10 views

CVE-2025-9066

Summary: CVE-2025-9066 affects Rockwell Automation’s FactoryTalk ViewPoint. Unauthenticated attackers can abuse SOAP requests to trigger XML External Entity (XXE) processing, resulting in a temporary denial-of-service. The vulnerability is documented across multiple sources (NVD, Rockwell advisor...

8.7 CVSS · 6.5 AI score · 0.00415 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2024/05/03 3:15 a.m. · 4 views

CVE-2023-41226

D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

6.8 CVSS · 7.2 AI score · 0.00705 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/05/03 3:15 a.m. · 5 views

CVE-2023-41221

D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

6.8 CVSS · 6.3 AI score · 0.00705 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2024/05/03 3:15 a.m. · 2 views

CVE-2023-41219

D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. T...

6.8 CVSS · 6.3 AI score · 0.00705 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/10/09 12:0 a.m. · 5 views

The vulnerability of the SetTriggerPPPoEValidate() function in D-Link DIR-X3260 Wi-Fi routers’ software allows a hacker to bypass security restrictions and execute arbitrary code.

The vulnerability of the SetTriggerPPPoEValidate function in D-Link DIR-X3260 Wi-Fi routers is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and execute arbitrary code by sending specially crafted HNAP...

8 CVSS · 7.9 AI score · 0.01114 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/01/24 12:0 a.m. · 3 views

PT-2023-2726 · NetGear · Netgear Rax30

Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 (affected versions not specified). Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. The specific flaw exists within the handling of SOAP...

7.2 CVSS · 6.6 AI score · 0.00571 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2021/12/16 12:0 a.m. · 3 views

The vulnerability of the WS-Addressing plugin in the gSOAP software development environment allows a perpetrator to execute arbitrary code.

The vulnerability of the WS-Addressing plugin in the gSOAP software development environment is related to integer overflow during SOAP request processing. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted HTTP requests...

9.8 CVSS · 7.7 AI score · 0.0586 EPSS
Exploits 1 · References 6 · Affected Software 3

IBM Security Bulletins
added 2021/12/09 4:57 p.m. · 20 views

Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server Liberty Core affect CICS Transaction Gateway

Summary: Potential Spoofing vulnerability in WebSphere Application Server Liberty Core used by CICS Transaction Gateway affects Web Service requests. CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2018-1902. DESCRIPTION: IBM WebSphere Application Server cou...

4.3 CVSS · 0.4 AI score · 0.01503 EPSS
Exploits 0 · Affected Software 1

BDU FSTEC
added 2019/12/09 12:0 a.m. · 5 views

The vulnerability of the firmware of Netgear's networking hardware, related to insufficient validation of input data, allows an intruder to trigger a service failure.

The vulnerability of the firmware of Netgear's networking hardware is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted SOAP requests...

5 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 24

IBM Security Bulletins
added 2018/06/16 7:54 p.m. · 45 views

Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)

Summary: There is an insecure certificate validation (CVE-2014-3596) in Apache Axis, which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details: IBM WebSphere Dashboard Framework (WDF) bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...

5.8 CVSS · 1 AI score · 0.05806 EPSS
Exploits 0 · Affected Software 1

CNVD
added 2016/02/23 12:0 a.m. · 4 views

EMC Documentum xCP SQL Query Injection Vulnerability

EMC Documentum is an enterprise document and image management tool that makes the creation, modification, tracking and utilization of documents in business processes efficient, standardized and rigorous. EMC Documentum xCP fails to properly handle XCP REST requests, allowing remote attackers to...

6.5 CVSS · 7.8 AI score · 0.01708 EPSS
Exploits 0 · References 1

CNVD
added 2015/12/08 12:0 a.m. · 4 views

Multiple F5 Products Privilege Acquisition Vulnerabilities

F5 BIG-IP LTM, etc. are products of F5 USA. LTM is a local traffic manager; APM is a set of solutions that provide secure and unified access to business-critical applications and networks. A security vulnerability exists in the iControl API of several F5 products. Because the...

9 CVSS · 6.9 AI score · 0.68483 EPSS
Exploits 5 · References 1