Lucene search
K

364869 matches found

NVD
NVD
added 2026/06/08 12:16 a.m.16 views

CVE-2026-11468

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=roomtypes. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

4.8CVSS0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 12:16 a.m.16 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS0.00232EPSS
Exploits0References6
NVD
NVD
added 2026/06/07 11:16 p.m.12 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS0.0022EPSS
Exploits0References7
NVD
NVD
added 2026/06/07 11:16 p.m.13 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS0.00253EPSS
Exploits0References7
NVD
NVD
added 2026/06/07 11:16 p.m.14 views

CVE-2026-11462

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

7.5CVSS0.00294EPSS
Exploits0References6
NVD
NVD
added 2026/06/07 11:16 p.m.12 views

CVE-2026-11463

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...

7.5CVSS0.00313EPSS
Exploits0References7
NVD
NVD
added 2026/06/07 11:16 p.m.8 views

CVE-2026-11464

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS0.0022EPSS
Exploits0References7
NVD
NVD
added 2026/06/07 10:16 p.m.17 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS0.00225EPSS
Exploits0References6
NVD
NVD
added 2026/06/07 8:16 p.m.15 views

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS0.00311EPSS
Exploits0References6
NVD
NVD
added 2026/06/07 1:16 p.m.24 views

CVE-2026-49494

Xcitium Client Security XCS before 13.8.2.10019 and Comodo Internet Security CIS through 12.3.4.8162 fix expected by 2026 Q3 contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6...

8.7CVSS0.00542EPSS
Exploits0References4
NVD
NVD
added 2026/06/07 10:16 a.m.13 views

CVE-2026-11459

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8CVSS0.00106EPSS
Exploits1References6
NVD
NVD
added 2026/06/07 9:16 a.m.19 views

CVE-2026-11458

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

6.9CVSS0.00292EPSS
Exploits0References5
NVD
NVD
added 2026/06/07 9:16 a.m.16 views

CVE-2026-11456

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxfdumpsystable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly availab...

7.5CVSS0.0026EPSS
Exploits0References5
NVD
NVD
added 2026/06/07 9:16 a.m.17 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS0.00329EPSS
Exploits0References5
NVD
NVD
added 2026/06/07 9:16 a.m.14 views

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5CVSS0.00936EPSS
Exploits0References7
NVD
NVD
added 2026/06/07 4:16 a.m.13 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/06/07 4:16 a.m.19 views

CVE-2026-11451

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS0.02027EPSS
Exploits1References5
NVD
NVD
added 2026/06/07 4:16 a.m.13 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS0.01681EPSS
Exploits1References5
NVD
NVD
added 2026/06/07 3:16 a.m.14 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
NVD
NVD
added 2026/06/07 3:16 a.m.12 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS0.01572EPSS
Exploits1References5
NVD
NVD
added 2026/06/07 3:16 a.m.17 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS0.01582EPSS
Exploits0References5
NVD
NVD
added 2026/06/07 2:16 a.m.15 views

CVE-2026-11447

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS0.01073EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 11:16 p.m.15 views

CVE-2026-26422

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

8.4CVSS0.00164EPSS
Exploits0References3
NVD
NVD
added 2026/06/06 9:16 p.m.21 views

CVE-2026-36229

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits0
NVD
NVD
added 2026/06/06 6:16 p.m.17 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 6:16 p.m.13 views

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 6:16 p.m.12 views

CVE-2026-11441

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

6.5CVSS0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 5:16 p.m.13 views

CVE-2026-11437

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

7.5CVSS0.00409EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 5:16 p.m.16 views

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

6.5CVSS0.00214EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 4:16 p.m.15 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS0.00263EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 4:16 p.m.13 views

CVE-2026-11435

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 3:16 p.m.12 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS0.00275EPSS
Exploits0References7
NVD
NVD
added 2026/06/06 2:16 p.m.12 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS0.00481EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 11:16 a.m.13 views

CVE-2026-11411

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS0.00171EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 11:16 a.m.15 views

CVE-2026-11412

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 11:16 a.m.12 views

CVE-2026-11408

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS0.01114EPSS
Exploits0References8
NVD
NVD
added 2026/06/06 10:16 a.m.15 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.0123EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 10:16 a.m.17 views

CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

7.5CVSS0.00414EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 5:16 a.m.16 views

CVE-2026-9851

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS0.00345EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 5:16 a.m.16 views

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00325EPSS
Exploits0References12
NVD
NVD
added 2026/06/06 5:16 a.m.15 views

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00296EPSS
Exploits0References14
NVD
NVD
added 2026/06/06 5:16 a.m.15 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00234EPSS
Exploits0References8
NVD
NVD
added 2026/06/06 5:16 a.m.13 views

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS0.00813EPSS
Exploits0References24
NVD
NVD
added 2026/06/06 5:16 a.m.14 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS0.00261EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 5:16 a.m.13 views

CVE-2026-9594

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

4.4CVSS0.00201EPSS
Exploits0References6
NVD
NVD
added 2026/06/06 4:17 a.m.13 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS0.00234EPSS
Exploits0References11
NVD
NVD
added 2026/06/06 4:17 a.m.12 views

CVE-2026-8502

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS0.00353EPSS
Exploits0References14
NVD
NVD
added 2026/06/06 4:17 a.m.12 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 4:17 a.m.11 views

CVE-2026-8991

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS0.00214EPSS
Exploits0References8
NVD
NVD
added 2026/06/06 4:17 a.m.13 views

CVE-2026-9197

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS0.00558EPSS
Exploits0References5
Total number of security vulnerabilities364869