Lucene search
K

257621 matches found

CVE
CVE
added yesterday8 views

CVE-2026-13353

CVE-2026-13353 affects the WP Ultimate CSV Importer (WordPress plugin) up to version 8.0.1. The root cause is missing capability checks on AJAX handlers (install_addon, saveMappedFields, StartImport) and exposure of the plugin nonce to any authenticated admin page, which enables a Subscriber+ to ...

8.8CVSS6.3AI score0.00383EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-43116

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-43079

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

6.1AI score0.00254EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday48 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7AI score0.99585EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday15 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.6AI score0.76148EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection

FreePBX Endpoint Manager 17.0.2.36 to = 17.0.2.36 && 17.0.3 - Authenticated Command Injection author: th3y severity: critical description: | FreePBX Endpoint Manager 17.0.2.36 to 17.0.3 contains a command injection caused by improper sanitization in filestore module's testconnection checksshconne...

8.6CVSS7.1AI score0.84618EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday114 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10CVSS7.2AI score0.39335EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday72 views

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content. id: CVE-2022-42096 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...

4.8CVSS6AI score0.0196EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday112 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.3AI score0.71725EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday65 views

Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

10CVSS7.1AI score0.80635EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday185 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

10CVSS7.1AI score0.99838EPSS
Exploits21References5
CVE
CVE
added 2 days ago34 views

CVE-2026-14480

CVE-2026-14480 affects OpenPLC Runtime v3. An authenticated user can write arbitrary files via the legacy web UI program-upload workflow by storing a attacker-controlled filename (prog_file) that is later used as the destination path. Python os.path.join() honors absolute paths, enabling writes a...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References2
CVE
CVE
added 2 days ago33 views

CVE-2026-55882

Summary: Tilt (Tilt HUD server) before v0.37.4 exposes Go pprof endpoints under /debug with no access control, allowing unauthenticated network-accessible listeners to read memory and tokens via /debug/pprof/heap and /debug/pprof/goroutine, and potentially degrade performance via /debug/pprof/pro...

8.3CVSS6.2AI score0.00384EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-55659

Grist has a cross-site scripting (XSS) vulnerability (CVE-2026-55659) in server-rendered pages caused by embedding user-controlled values into the page and inline scripts without proper escaping. The issue affects pages where a document’s name/description is rendered and where the OAuth2 end-of-f...

7.7CVSS5.8AI score0.00275EPSS
Exploits0References3
CVE
CVE
added 2 days ago4 views

CVE-2026-55880

OpenReplay CVE-2026-55880 affects OpenReplay self-hosted session replay (versions 1.27.0 and earlier). The root cause is that three mutation operations—notes.delete, dashboards.update_widget, and dashboards.remove_widget—executed SQL without the ownership predicate used by their read/edit sibling...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-55469

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS0.00378EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-53448

A flaw was found in Coturn, a free open-source implementation of TURN and STUN Server. The HTTPS administration panel, specifically in the delete-user, delete-secret, and delete-IP operations, does not properly sanitize HTTP query parameters. This allows an authenticated administrator to inject...

7.2CVSS6.4AI score0.00677EPSS
Exploits0References7
CVE
CVE
added 2 days ago5 views

CVE-2026-55461

Snipe-IT (IT asset/license management) versions prior to 8.6.2 are vulnerable: the user edit flow stores url()-&gt;previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and subsequently uses redirect()-&gt;intended(...) when redirect_option=back is submi...

6.1CVSS6.1AI score0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS0.00269EPSS
Exploits0References3
Rows per page
Query Builder