6.9

CVSS4.0

CVE-2026-4190 - JawherKl node-api-postgres user.js User.getAll sql injection

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was cont…

📅 Published: March 15, 2026, 7:32 p.m. 🔄 Last Modified: March 15, 2026, 7:32 p.m.

5.1

CVSS4.0

CVE-2026-4189 - phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotely.…

📅 Published: March 15, 2026, 7:32 p.m. 🔄 Last Modified: March 15, 2026, 7:32 p.m.

8.7

CVSS4.0

CVE-2026-4188 - D-Link DIR-619L boa formSchedule stack-based overflow

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. Th…

📅 Published: March 15, 2026, 7:32 p.m. 🔄 Last Modified: March 15, 2026, 7:32 p.m.

6.9

CVSS4.0

CVE-2026-4187 - Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authen…

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The a…

📅 Published: March 15, 2026, 7:02 p.m. 🔄 Last Modified: March 15, 2026, 7:02 p.m.

5.1

CVSS4.0

CVE-2026-4186 - UEditor JSONP Callback controller.php cross site scripting

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated remotely…

📅 Published: March 15, 2026, 7:02 p.m. 🔄 Last Modified: March 15, 2026, 7:02 p.m.

8.8

CVSS4.0

CVE-2015-20120 - RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database con…

📅 Published: March 15, 2026, 6:35 p.m. 🔄 Last Modified: March 15, 2026, 6:35 p.m.

8.7

CVSS4.0

CVE-2017-20220 - Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.

📅 Published: March 15, 2026, 6:34 p.m. 🔄 Last Modified: March 15, 2026, 6:34 p.m.

5.1

CVSS4.0

CVE-2017-20219 - Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to docume…

📅 Published: March 15, 2026, 6:34 p.m. 🔄 Last Modified: March 15, 2026, 6:34 p.m.

8.5

CVSS4.0

CVE-2017-20218 - Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users grou…

📅 Published: March 15, 2026, 6:34 p.m. 🔄 Last Modified: March 15, 2026, 6:34 p.m.

8.7

CVSS4.0

CVE-2017-20217 - Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve…

📅 Published: March 15, 2026, 6:34 p.m. 🔄 Last Modified: March 15, 2026, 6:34 p.m.
Total results: 338057