Lucene search
+L
VulnrichmentRecent

163939 matches found

Vulnrichment
Vulnrichment
•added 2026/06/09 12:21 a.m.•10 views

CVE-2026-44757 Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

4.7CVSS5.6AI score0.00154EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:21 a.m.•9 views

CVE-2026-44755 Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS5.5AI score0.00109EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:21 a.m.•9 views

CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:21 a.m.•9 views

CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:21 a.m.•10 views

CVE-2026-44750 Missing Authorization check in SAP MDG (Review Match Groups Application)

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

4.3CVSS5.5AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:20 a.m.•9 views

CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS5.4AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:20 a.m.•12 views

CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:20 a.m.•8 views

CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:20 a.m.•10 views

CVE-2026-44743 Security Misconfiguration vulnerability in SAP Business Objects

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:20 a.m.•21 views

CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)

SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...

9CVSS5.5AI score0.00454EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:20 a.m.•10 views

CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

9.8CVSS5.5AI score0.00437EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:19 a.m.•10 views

CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS5.6AI score0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-36772

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•11 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

5.5AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36728

A markdown based cross-site scripting XSS vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...

5.6AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•14 views

CVE-2025-52292

A stack buffer overflow in the fileinprocess function infile.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.8AI score0.005EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2025-55659

A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00345EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2025-55658

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gfopusparsepacketheader function mediatools/avparsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5AI score0.00296EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2025-55657

A NULL pointer dereference in the gfodfvvccfgwritebs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00467EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2025-52293

A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...

5.5AI score0.00467EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

6.5AI score0.00998EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36725

A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the noticecontent parameter...

5.6AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-39169

SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMScopy.php...

5.4AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36801

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•11 views

CVE-2026-36802

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36783

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.5AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

5.5AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•11 views

CVE-2026-36771

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36819

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2025-55651

A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00192EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2023-43686

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...

5.5AI score0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-36773

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36821

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-36791

Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the savelistdata parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.5AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-36813

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

6AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•11 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

5.6AI score0.00511EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36770

Shenzhen Tenda Technology Co., Ltd Tenda USW3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36794

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP...

5.5AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36816

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36779

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, s2, s100, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted...

5.5AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

5.5AI score0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36817

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-36808

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2023-43688

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...

5.8AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-38615

DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...

5.5AI score0.00816EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-36806

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

5.5AI score0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36777

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the param1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.5AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 12:0 a.m.•10 views

CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

6.3AI score0.00573EPSS
Exploits0References1
Total number of security vulnerabilities163939