Lucene search
K
CvelistRecent

364882 matches found

Cvelist
Cvelist
•added 1 hour ago•6 views

CVE-2026-15505 vnotex vnote YAML Frontmatter markdownit.js cross site scripting

A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...

5.1CVSS
Exploits0References4
Cvelist
Cvelist
•added 4 hours ago•9 views

CVE-2026-10668 Host-triggerable control-endpoint wedge (DoS) in Nuvoton NuMaker HSUSBD UDC driver

The Nuvoton NuMaker HSUSBD USB device-controller driver drivers/usb/udc/udcnumaker.c armed the control Data IN stage unconditionally base-CEPTXCNT = len in numakerhsusbdeptrigger. Because the HSUSBD hardware cannot disarm a control Data IN already armed for a previous transfer, a USB host that...

2.4CVSS
Exploits0References2
Cvelist
Cvelist
•added 4 hours ago•9 views

CVE-2026-10667 SMP use-after-free in Zephyr `CONFIG_USERSPACE` dynamic kernel-object tracking, reachable from unprivileged user threads

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS
Exploits0References2
Cvelist
Cvelist
•added 4 hours ago•9 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS
Exploits0References3
Cvelist
Cvelist
•added 4 hours ago•7 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS
Exploits0References2
Cvelist
Cvelist
•added 4 hours ago•10 views

CVE-2026-10665 Heap buffer overflow on WireGuard receive path via unbounded incoming packet length

In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...

7.4CVSS
Exploits0References2
Cvelist
Cvelist
•added 4 hours ago•9 views

CVE-2026-10663 Use-after-free / double-free of the root USB device in the experimental USB host stack

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS
Exploits0References2
Cvelist
Cvelist
•added 5 hours ago•9 views

CVE-2026-58596 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
•added 8 hours ago•12 views

CVE-2026-15502 AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS
Exploits0References4
Cvelist
Cvelist
•added 8 hours ago•13 views

CVE-2026-15501 AstrBotDevs AstrBot MCP Test Endpoint tools.py ToolsRoute.test_mcp_connection server-side request forgery

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 8 hours ago•11 views

CVE-2026-61876 LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•12 views

CVE-2026-61874 filebrowser before 2.63.17 Stale Public Share via Trailing-Slash Delete

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS
Exploits0References3
Cvelist
Cvelist
•added 8 hours ago•10 views

CVE-2026-61875 luci-app-upnp Stored XSS via UPnP Port Mapping Description

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•11 views

CVE-2026-59260 OpenWrt luci-app-samba4 read ACL remote code execution via smbd

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•13 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•10 views

CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•11 views

CVE-2026-56308 Capgo - Insufficient Authentication in Email Change Endpoint

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•11 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•10 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•10 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS
Exploits0References3
Cvelist
Cvelist
•added 8 hours ago•11 views

CVE-2026-56259 Crawl4AI - LLM Credential Exfiltration via base_url and Environment Variable Resolution

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•10 views

CVE-2026-56252 Capgo - Scope Isolation Failure in Webhook Test Endpoint

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•12 views

CVE-2026-56241 Capgo - RBAC Demotion Privilege Retention via Stale org_users.user_right

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS
Exploits0References2
Cvelist
Cvelist
•added 8 hours ago•8 views

CVE-2026-56238 Capgo - Unauthenticated Information Disclosure via PostgREST global_stats Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST globalstats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/globalstats endpoin...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
•added 9 hours ago•6 views

CVE-2026-15500 AstrBotDevs AstrBot market_list Endpoint plugin.py get_online_plugins server-side request forgery

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 9 hours ago•7 views

CVE-2026-15499 AstrBotDevs AstrBot Scheduled Task cron_tools.py FutureTaskTool.call improper authorization

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 9 hours ago•7 views

CVE-2026-15498 sergomanov SmartHomeAdatum Login users.php sql injection

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
•added 9 hours ago•11 views

CVE-2026-15497 SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 10 hours ago•9 views

CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 10 hours ago•10 views

CVE-2026-15495 SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command injection

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 10 hours ago•10 views

CVE-2026-15494 AMTT Hotel Broadband Operation System switch_status.php sql injection

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS
Exploits0References5
Cvelist
Cvelist
•added 10 hours ago•9 views

CVE-2026-15493 Akpali9 Attendance-Management-System absent.php cross site scripting

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS
Exploits0References4
Cvelist
Cvelist
•added 11 hours ago•13 views

CVE-2026-15492 igweze wizgrade studentConductManager.php cross site scripting

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS
Exploits0References5
Cvelist
Cvelist
•added 11 hours ago•12 views

CVE-2026-15491 RafyMrX TOKO-ONLINE-ROTI missing authentication

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
•added 11 hours ago•9 views

CVE-2026-15490 RafyMrX TOKO-ONLINE-ROTI add.php sql injection

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
•added 12 hours ago•9 views

CVE-2026-15489 RafyMrX TOKO-ONLINE-ROTI login.php sql injection

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
•added 12 hours ago•10 views

CVE-2026-15488 hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS
Exploits0References7
Cvelist
Cvelist
•added 12 hours ago•9 views

CVE-2026-15487 TRENDnet TEW-821DAP Firmware Update system_ntp sub_41FBD0 os command injection

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub41FBD0 of the file /goform/systemntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendo...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 12 hours ago•12 views

CVE-2026-15486 TRENDnet TEW-821DAP Firmware Update tools_ddns sub_42026C os command injection

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub42026C of the file /goform/toolsddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched remotel...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 14 hours ago•14 views

CVE-2026-15485 TRENDnet TEW-821DAP DNS Lookup tools_nslookup sub_43F2C4 os command injection

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 14 hours ago•12 views

CVE-2026-15484 TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS
Exploits0References5
Cvelist
Cvelist
•added 14 hours ago•11 views

CVE-2026-15483 TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...

9CVSS
Exploits0References5
Cvelist
Cvelist
•added 15 hours ago•10 views

CVE-2026-15482 Aster Telecom Azcall HTTP sis.php sql injection

A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestaoloja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection. The attack may be...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
•added 15 hours ago•12 views

CVE-2026-15481 Trendnet TEW-635BRM IPoA WAN Connection Setup rc ipoa_test command injection

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoatest of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoaipaddr results in command injection. The attack is possible to ...

9CVSS
Exploits0References5
Cvelist
Cvelist
•added 15 hours ago•10 views

CVE-2026-15480 Trendnet TEW-635BRM Web Service rc start_httpd stack-based overflow

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS
Exploits0References5
Cvelist
Cvelist
•added 16 hours ago•10 views

CVE-2026-15479 H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 16 hours ago•11 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 17 hours ago•11 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 17 hours ago•11 views

CVE-2026-15476 QILING Disk Master Kernel Driver diskbckp.sys access control

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
•added 18 hours ago•13 views

CVE-2026-15475 MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS
Exploits0References6
Total number of security vulnerabilities364882