2026-03-26 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | Exploitation / Automatable / Technical Impact | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2024-58341 | Opencart - OpenCart Core | OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the ‘search’ parameter. Attackers can send GET requests to the product search endpoint with malicious ‘search’ values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques. | CVSS4.0: 8.8 - HIGH; CVSS3.1: 8.2 - HIGH | 0 1 2 3 | Exploitation: poc; Automatable: yes; Technical Impact: partial | OpenCart Core 4.0.2.3 SQL Injection via search Parameter | github |
| CVE-2019-25564 | Uvnc - PCHelpWareV2 | PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash. | CVSS4.0: 6.8 - MEDIUM; CVSS3.1: 5.5 - MEDIUM | 0 1 2 3 | Exploitation: poc; Automatable: no; Technical Impact: partial | PCHelpWareV2 1.0.0.5 Denial of Service via Group Field | github |
| CVE-2019-25597 | Nsauditor - NSauditor | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition. | CVSS4.0: 6.9 - MEDIUM; CVSS3.1: 6.2 - MEDIUM | 0 1 2 | Exploitation: poc; Automatable: no; Technical Impact: partial | NSauditor 3.1.2.0 Denial of Service via Community Field | github |
This post is licensed under CC BY 4.0 by the author.