Lucene search
+L

89135 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-45261

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary scripts due to improper neutralization of input during web page generation...

9.3CVSS5.3AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-45292

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security TLS protocol to a version disabled in the server configuration...

5.9CVSS5.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-50648

A flaw was found in .NET Framework. An unauthorized attacker can exploit this vulnerability remotely by causing the system to allocate resources without proper limits or throttling. This uncontrolled resource allocation can lead to a Denial of Service DoS, making the affected system unresponsive ...

7.5CVSS5.3AI score0.00617EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday41 views

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

8.1CVSS8.2AI score0.09825EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday24 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9CVSS6AI score0.05597EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday105 views

Academy LMS 6.2 - Cross-Site Scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

6.1CVSS3AI score0.01835EPSS
Exploits4References2
Nuclei
Nuclei
added yesterday40 views

Ellucian Ethos Identity CAS - Cross-Site Scripting

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-2822...

6.1CVSS3.2AI score0.03301EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday92 views

NS-ASG Application Security Gateway 6.3 - Sql Injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS6.4AI score0.17622EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday95 views

osCommerce v4.0 - Cross-site Scripting

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2024-4348 info: name:...

5CVSS3.3AI score0.01828EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday57 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1CVSS3.3AI score0.0097EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday115 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS5.4AI score0.03304EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday49 views

Bank Locker Management System - Cross-Site Scripting

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate...

4.8CVSS3.2AI score0.34771EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday26 views

Mage AI - Insecure Default Authentication Setup

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS4.8AI score0.01045EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60768

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to th...

6.5CVSS6AI score
Exploits0References6
CVE
CVE
added 2 days ago8 views

CVE-2026-44435

CVE-2026-44435 : Quicly (QUIC protocol implementation used with H2O) contains an assertion failure that triggers a Denial of Service when the total number of valid handshake messages over a CRYPTO stream within a single packet number space exceeds 32KB. The issue is fixed by commit 937d0e9. Affec...

7.5CVSS6AI score0.00278EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago67 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.7AI score0.37611EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago175 views

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. id:...

7.5CVSS5.7AI score0.54232EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago369 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.1AI score0.84967EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago255 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.4AI score0.32895EPSS
Exploits4References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-44839

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kdcs leads to authorization bypass. The attack is possible to be carried out remotely. This produ...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References4
Rows per page
Query Builder