Lucene search
+L

109957 matches found

cve
cve
added 5 hours ago6 views

CVE-2026-15737

CVE-2026-15737 affects the AWS Bedrock AgentCore Python SDK. Unintended logging of sensitive user content occurs in the OpenTelemetry instrumentation for SDK versions 1.4.8 and 1.5.0, where raw user prompts and complete agent responses were written into OpenTelemetry span attributes on every invo...

5.7CVSS6.1AI score
Exploits0References3
nuclei
nuclei
added 13 hours ago47 views

Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. id: CVE-2016-10973 info: name: Brafton WordPress Plugin 3.4.8 - Cross-Site Scripting author: Harsh severity: medium description: | The Brafton plugin...

7.4CVSS6.4AI score0.01975EPSS
Exploits2References3
nuclei
nuclei
added 13 hours ago55 views

Artica Proxy Community Edition <4.30.000000 - Local File Inclusion

Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter. id: CVE-2020-13158 info: name: Artica Proxy Community Edition 4.30.000000 - Local File Inclusion author: 0xAkoko severity: high description: Artica Proxy Communi...

7.5CVSS7AI score0.53524EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago36 views

nitely/spirit 0.12.3 - Open Redirect

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. id: CVE-2022-0869 info: name: nitely/spirit 0.12.3 - Open Redirect author: ctflearner severity: medium description: | Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. impact: | An attacker can...

6.1CVSS6.1AI score0.0262EPSS
Exploits1References3
nuclei
nuclei
added 13 hours ago70 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7AI score0.29451EPSS
Exploits2References5
nuclei
nuclei
added 13 hours ago85 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02998EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago62 views

Autoptimize < 3.1.0 - Information Disclosure

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. id: CVE-2022-4057 info: name: Autoptimize 3.1.0 - Information Disclosure author: DhiyaneshDK severity: medium description: | The Autoptimize WordPress plugin before 3.1.0 uses...

5.3CVSS6.2AI score0.0146EPSS
Exploits1References3
nuclei
nuclei
added 13 hours ago82 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.5AI score0.01131EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago106 views

OURPHP <= 7.2.0 - Cross Site Scripting

OURPHP alertdocument.domain" matchers-condition: and matchers: - type: word part: body words: - "alertdocument.domain...

6.1CVSS6.4AI score0.01173EPSS
Exploits1References3
nuclei
nuclei
added 13 hours ago122 views

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

5.3CVSS6.2AI score0.09545EPSS
Exploits2References5
nuclei
nuclei
added 13 hours ago71 views

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

7.5CVSS7.1AI score0.04736EPSS
Exploits1References3
nuclei
nuclei
added 13 hours ago62 views

Tiempo.com <= 0.1.2 - Cross-Site Scripting

Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to stea...

6.1CVSS6.8AI score0.0085EPSS
Exploits2References3
nuclei
nuclei
added 13 hours ago34 views

Rukovoditel <= 3.2.1 - Cross-Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

5.4CVSS6.4AI score0.01046EPSS
Exploits1References4
nuclei
nuclei
added 13 hours ago74 views

ATutor < 2.2.1 - Cross Site Scripting

ATutor 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting XSS, in ATtutor 2.2.1 via token body parameter. id: CVE-2023-27008 info: name: ATutor 2.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ATutor 2.2.1 was discovered with a vulnerability, a...

6.1CVSS6.4AI score0.01499EPSS
Exploits1References3
nuclei
nuclei
added 13 hours ago39 views

Ellucian Ethos Identity CAS - Cross-Site Scripting

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-2822...

6.1CVSS4.4AI score0.03301EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago45 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.4AI score0.0125EPSS
Exploits1References4
nuclei
nuclei
added 13 hours ago104 views

Jeecg-boot 3.5.0 qurestSql - SQL Injection

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. id: CVE-2023-1454 info: name: Jeecg-boot 3.5...

9.8CVSS6.5AI score0.35825EPSS
Exploits3References5
nuclei
nuclei
added 13 hours ago74 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.5AI score0.01585EPSS
Exploits1References2
nuclei
nuclei
added 13 hours ago77 views

KubeView <=0.1.31 - Information Disclosure

KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possib...

9.8CVSS7.1AI score0.51696EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago75 views

ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting

ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. id: CVE-2022-24681 info: name: ManageEngine ADSelfService Plus 6121 - Stored Cross-Site...

6.1CVSS6.4AI score0.03619EPSS
Exploits1References5
Rows per page
Query Builder