Lucene search
+L

392 matches found

Nuclei
Nuclei
added 17 hours ago41 views

Osclass Security Advisory 3.4.1 - Local File Inclusion

A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php. id: CVE-2014-6308 info: name: Osclass Security Advisory 3.4.1 - Local File Inclusion author: daffainfo...

5CVSS5.5AI score0.2226EPSS
Exploits6References5
CVE
CVE
added 2 days ago15 views

CVE-2026-45738

CVE-2026-45738 : Argo CD contains a Stored XSS in link.argocd.argoproj.io/* annotations that can be rendered as anchor href values in the Summary tab, enabling javascript: execution for a higher-privileged user in the origin session when there is application write access. This is fixed in Argo CD...

7.3CVSS6.2AI score0.00312EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

8.5CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-15738

The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...

8.5CVSS6.2AI score0.00373EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/07 3:15 p.m.5 views

WordPress Vitepos plugin <= 3.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin Vitepos versions = 3.4.2...

8.5CVSS6AI score0.0026EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/25 1:12 p.m.6 views

EUVD-2026-39369

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.20 views

CVE-2026-54841

CVE-2026-54841 affects WordPress Vitepos plugin versions

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51686

Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...

7.5CVSS6AI score0.00505EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37584

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS5.4AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37582

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

6.5CVSS5.3AI score0.00312EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37581

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS5.1AI score0.00437EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37583

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.1CVSS5.3AI score0.00337EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-42357

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

6.5CVSS0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-41280

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS0.00437EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.16 views

CVE-2026-32966

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-32967

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.1CVSS0.00337EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:0 a.m.31 views

CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

0.00433EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 9:0 a.m.2 views

CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS6AI score0.00433EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 8:57 a.m.33 views

CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:57 a.m.28 views

CVE-2026-32967

The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...

9.1CVSS5.2AI score0.00337EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder