Lucene search
+L

504 matches found

nuclei
nuclei
added 9 hours ago21 views

Pi-hole Reflected XSS in 404-Error Page

Pi-hole Admin Interface = 6.2.1 contains a reflected XSS vulnerability on the 404 error page. The URL path is reflected unsanitized into the class attribute of the body tag, allowing attribute injection via a crafted URL to execute arbitrary JavaScript in victim browsers. id: CVE-2025-53533 info:...

6.1CVSS6.8AI score0.00564EPSS
Exploits2References2
osv
osv
added 2026/06/10 12:31 a.m.3 views

GHSA-293Q-567P-WMWQ Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

In Spring Security Web, SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

6.8CVSS5.8AI score0.00116EPSS
Exploits0References4
nessus
nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017453)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017453 advisory. Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior,...

6.3CVSS6.9AI score0.46751EPSS
Exploits0References4
ibm
ibm
added 2026/03/05 7:53 a.m.12 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in log4j-core (CVE-2025-68161)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-68161 of log4j-core-2.17.1.jar. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
redhatcve
redhatcve
added 2026/02/11 7:44 p.m.8 views

CVE-2026-21743

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...

7.2CVSS5.5AI score0.00336EPSS
Exploits0References1
nvd
nvd
added 2026/02/10 4:16 p.m.8 views

CVE-2026-21743

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...

7.2CVSS0.00336EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/02 8:32 a.m.3 views

CVE-2025-15437

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.1CVSS3.5AI score0.00242EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2026/01/02 12:0 a.m.5 views

PT-2026-1060

Name of the Vulnerable Software and Affected Versions LigeroSmart versions up to 6.1.24 Description A flaw exists in the Environment Variable Handler component of LigeroSmart. Manipulation of the REQUEST URI argument can lead to cross-site scripting. The issue may be exploited remotely. The explo...

5.1CVSS5.6AI score0.00242EPSS
Exploits1References12
cnnvd
cnnvd
added 2025/12/11 12:0 a.m.6 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

6.5CVSS6.2AI score0.00275EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/11/18 12:0 a.m.4 views

Zyxel DX3300-T0 操作系统命令注入漏洞

The Zyxel DX3300-T0 is a small wireless WiFi router from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel DX3300-T0 5.50 ABVY.6.3 C0 and earlier versions, which stems from the presence of post-authentication command injection in the priv parameter, which...

8.8CVSS7.5AI score0.00995EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/10/27 12:0 a.m.5 views

Pi-Hole Adminlte 注入漏洞

Pi-Hole Adminlte is a control panel. It is used for statistics More... An injection vulnerability exists in Pi-Hole Adminlte versions prior to 6.3 that stems from failure to properly clean up input when redirecting requests for files with the .lp extension, which could lead to a CRLF injection...

8.2CVSS6.9AI score0.00398EPSS
Exploits1References2
cvelist
cvelist
added 2025/10/07 6:21 p.m.10 views

CVE-2025-3449 Weak Session Token used in Automation Runtime SDM

A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions...

4.2CVSS0.00185EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/07 6:3 p.m.12 views

CVE-2025-3450 Automation Runtime SDM requests may impact system

An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions...

10CVSS0.0026EPSS
Exploits0References1
ibm
ibm
added 2025/10/07 7:8 a.m.11 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-core-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The...

7.5CVSS6.4AI score0.0046EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.17 views

EUVD-2017-12412

Malware in sbrugna...

6.3CVSS7.9AI score0.00438EPSS
Exploits0References19
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2000-0789

Malware in sbrugna...

7.2CVSS6.4AI score0.01174EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-11408

Malware in sbrugna...

6.1CVSS6.3AI score0.01944EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.10 views

EUVD-2018-7482

Malware in sbrugna...

7.2CVSS6.6AI score0.00297EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-14829

Malware in sbrugna...

6.5CVSS6.9AI score0.01437EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-14946

Malware in sbrugna...

6.3CVSS7.3AI score0.0058EPSS
Exploits0References6
Rows per page
Query Builder