Security Vulnerabilities
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to extract sensitive database information.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2026-03-12
A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. Manipulation of the argument index causes a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2026-03-12
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. Manipulation of the argument cmdinput results in a stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score: 9.9 | EPSS Score: 0.003 | Published: 2026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score: 9.9 | EPSS Score: 0.003 | Published: 2026-03-12
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2026-03-12
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS Score: 9.9 | EPSS Score: 0.003 | Published: 2026-03-12
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
CVSS Score: 7.7 | EPSS Score: 0.0 | Published: 2026-03-12
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2026-03-12
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
CVSS Score: 5.8 | EPSS Score: 0.004 | Published: 2026-03-12



Shodan ® - All rights reserved