Lucene search
+L

462714 matches found

EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-45434

A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...

5.3CVSS4.7AI score
Exploits0References7
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-45429

A vulnerability was detected in hunvreus devpush up to 0.4.6. Affected by this issue is the function resetstorage of the file app/workers/tasks/storage.py of the component Storage Reset Failure Handler. The manipulation results in improper check or handling of exceptional conditions. A high...

2.6CVSS4AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 8 hours ago3 views

CVE-2026-16216

A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been made available to the public and could...

5.3CVSS4.6AI score
Exploits0References6Affected Software1
NVD
NVD
added 9 hours ago5 views

CVE-2026-16207

A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request method with sensitive query strings. The attack can be launched remotely. This attack is characterized...

6.3CVSS
Exploits0References6
Cvelist
Cvelist
added 10 hours ago10 views

CVE-2026-16212 awesto django-shop Purchase Stock inventory.py race condition

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to...

4.2CVSS
Exploits0References6
NVD
NVD
added 10 hours ago8 views

CVE-2026-16206

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function loadidtoken of the file oauth2provider/oauth2validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of the...

6.5CVSS
Exploits0References7
Nuclei
Nuclei
added 10 hours ago81 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.3AI score0.02214EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago74 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. id: CVE-2021-40972 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity: medi...

6.1CVSS6.3AI score0.02214EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago141 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS8.2AI score0.13035EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago52 views

Bitrix Site Manager - Remote Code Execution

In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. id: CVE-2022-27228 info: name: Bitrix Site Manager - Remote Code Execution author: theamanrawat severity: critical description: In the vote aka "Polls, Votes...

10CVSS8.8AI score0.20318EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago33 views

webp_server_go 0.4.0 - Path Traversal

webpservergo 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests. id: CVE-2021-46104 info: name: webpservergo 0.4.0 - Path Traversal author: pikpikcu severity...

7.5CVSS7.5AI score0.04231EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago55 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteteam. id: CVE-2022-31977 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQ...

9.8CVSS8.9AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago71 views

Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. id: CVE-2021-40969 info: name: Spotweb = 1.5.1 - Cross Site Scripting Reflected author: theamanrawat...

6.1CVSS6.3AI score0.02204EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago91 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS8.7AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added 10 hours ago38 views

WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting

WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affecte...

6.1CVSS6AI score0.00902EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago103 views

Juniper Web Device Manager - Cross-Site Scripting

Juniper Web Device Manager J-Web in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal...

6.1CVSS6.1AI score0.02468EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago69 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...

6.5CVSS6.3AI score0.02907EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago105 views

AppCMS - Cross-Site Scripting

AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. id: CVE-2021-45380 info: name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. impact: | Successfu...

6.1CVSS5.8AI score0.02542EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago96 views

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. id: CVE-2021-20150 info: name: Trendnet AC2600 TEW-827DR...

5.3CVSS5.7AI score0.4006EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago37 views

WordPress E2Pdf <1.16.45 - Cross-Site Scripting

WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...

4.8CVSS5AI score0.01262EPSS
Exploits2References5
Rows per page
Query Builder