Lucene search
K

108831 matches found

IBM Security Bulletins
IBM Security Bulletins
added 5 hours ago26 views

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...

7.5CVSS6.2AI score0.00478EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS
Exploits0References3
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42312

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added 6 hours ago6 views

CVE-2026-15067

Snowflake Terraform Provider before 2.18.0 is affected by SQL injection via an unsanitized data source input that can cause arbitrary SQL execution within the provider’s privileged Snowflake session, potentially enabling data exfiltration and creation of long‑lived credentials. DDL injection in u...

8.8CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago6 views

CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS
Exploits0References1
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-42284

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 10 hours ago3 views

EUVD-2026-42221

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

9.1CVSS6.2AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 13 hours ago8 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...

6AI score
Exploits0Affected Software3
Nuclei
Nuclei
added 16 hours ago84 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS7.1AI score0.63407EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago69 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. id: CVE-2022-31974 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injectio...

7.2CVSS7.1AI score0.04903EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago69 views

Hoteldruid v3.0.5 - SQL Injection

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php. id: CVE-2023-43374 info: name: Hoteldruid v3.0.5 - SQL Injection author: ritikchaddha severity: critical description: | Hoteldruid v3.0.5 was discovered to...

9.8CVSS7.2AI score0.03272EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago93 views

Fortinet FortiWLM Unauthenticated Command Injection Vulnerability

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands Successful exploitation of this vulnerability could allow an attacker to...

9.8CVSS7.3AI score0.18148EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago37 views

Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

6.1CVSS6AI score0.00468EPSS
Exploits1References1
Nuclei
Nuclei
added 16 hours ago26 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added 16 hours ago157 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.8AI score0.08216EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago30 views

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

6.1CVSS6.3AI score0.07652EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago45 views

Joomla! Component JotLoader 2.2.1 - Local File Inclusion

A directory traversal vulnerability in the JotLoader comjotloader component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File...

6.8CVSS6.1AI score0.08571EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago41 views

GRAND FlAGallery 1.57 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in facebook.php in the GRAND FlAGallery plugin flash-album-gallery before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. id: CVE-2011-4624 info: name: GRAND FlAGallery 1.57 - Cross-Site Scripting...

4.3CVSS6AI score0.07062EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago29 views

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

7.5CVSS6.1AI score0.12991EPSS
Exploits1References5
Rows per page
Query Builder