Lucene search
+L
VulnrichmentRecent

163619 matches found

vulnrichment
vulnrichment
•added 2026/06/15 1:30 a.m.•11 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.2AI score0.00196EPSS
Exploits0References5
vulnrichment
vulnrichment
•added 2026/06/15 1:15 a.m.•8 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS7AI score0.00292EPSS
Exploits0References5
vulnrichment
vulnrichment
•added 2026/06/15 1:0 a.m.•7 views

CVE-2026-12203 HKUDS AI-Trader Research Export agents.csv information disclosure

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS5.3AI score0.00402EPSS
Exploits0References9
vulnrichment
vulnrichment
•added 2026/06/15 12:45 a.m.•9 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS3.7AI score0.00214EPSS
Exploits0References6
vulnrichment
vulnrichment
•added 2026/06/15 12:30 a.m.•11 views

CVE-2026-12201 IObit Malware Fighter DLL permission

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS5.3AI score0.00103EPSS
Exploits0References6
vulnrichment
vulnrichment
•added 2026/06/15 12:15 a.m.•8 views

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS7.9AI score0.00324EPSS
Exploits0References5
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•12 views

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS7.1AI score0.00525EPSS
Exploits0References7
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•10 views

CVE-2026-39197

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service DoS via a crafted request or payload...

5.3AI score0.00289EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

5.7AI score0.0056EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2026-50888

An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...

5.2AI score0.00248EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

5.3AI score0.01345EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

6AI score0.00284EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2AI score0.00171EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

5.3AI score0.01046EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-45388

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

5.2AI score0.00225EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2025-55645

A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00235EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.6AI score0.00202EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•10 views

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00202EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.6AI score0.00235EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2025-55643

A NULL pointer dereference in the TrackWriter handling component filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.2AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.2AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.2AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2025-55650

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.2AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00202EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2025-55649

A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00188EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2025-55642

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c...

5.3AI score0.00363EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-38812

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

5.8AI score0.00393EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•6 views

CVE-2026-50875

Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...

5.2AI score0.00282EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

5.3AI score0.01046EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50869

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...

5.4AI score0.00718EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.7AI score0.00321EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•6 views

CVE-2026-30120

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...

6.1AI score0.0081EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•6 views

CVE-2026-30121

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

5.4AI score0.00324EPSS
Exploits1References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

5.8AI score0.01571EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

5.8AI score0.00476EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-36933

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...

5.8AI score0.00174EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2026-50878

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service DoS via a crafted request...

5.3AI score0.00441EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-50870

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...

5.2AI score0.00308EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2026-36213

An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...

5.2AI score0.00479EPSS
Exploits2References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.2AI score0.00627EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

5.7AI score0.00374EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50879

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00324EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•9 views

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

5.5AI score0.00511EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-37216

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting XSS at the interface /system/notice/add...

5.1AI score0.00181EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-39007

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...

5.3AI score0.00375EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

5.3AI score0.00312EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2026-36521

PublicCMS V5.202506.d has a Cross Site Scripting XSS vulnerability in the site configuration management module...

5.1AI score0.00181EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/06/15 12:0 a.m.•7 views

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

5.9AI score0.00165EPSS
Exploits0References1
Total number of security vulnerabilities163619