Lucene search
K

16925 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

WSO2多款产品 注入漏洞

WSO2 API Manager, among others, are products of the American company WSO2. The WSO2 API Manager is a suite of API lifecycle management solutions. The WSO2 API Control Plane is a control panel. The WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 produc...

7.5CVSS6AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 11:25 p.m.9 views

GHSA-MGHP-5CQ4-V6MG Snipe-IT has an open redirect vulnerability

Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...

5.9CVSS5.8AI score0.00163EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 6:31 p.m.9 views

EUVD-2026-28799

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

2.3CVSS5.8AI score0.00282EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 4:53 p.m.9 views

GHSA-2H64-C999-C9R6 SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE

Summary The kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via WebSocket. Three independent client paths render.ts:120 → outerHTML,...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 3:27 p.m.7 views

CVE-2026-41683 HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...

8.6CVSS5.7AI score0.00327EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 10:10 p.m.11 views

Daptin fuzzy search injects unvalidated column name into raw SQL

Summary processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no column whitelist check. The entry point is GET /api/ with...

7.1CVSS6.1AI score0.00305EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/06 6:13 p.m.28 views

CVE-2026-8021

CVE-2026-8021 is a UI-based script injection (UXSS) in Google Chrome. Multiple connected sources (OSV/DEBIAN-CVE-2026-8021, PT-2026-38214, PTSecurity) confirm: affecting Google Chrome versions prior to 148.0.7778.96, caused by a vulnerability in the browser UI that could execute arbitrary scripts...

4.2CVSS6AI score0.00155EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

FluentCMS 安全漏洞

FluentCMS is a .NET-based content management system CMS that is primarily used to quickly build websites and manage web content. A cross-site scripting vulnerability exists in the FluentCMS TextHTML plugin. The vulnerability stems from insufficient validation of user input and failure to properly...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/04 12:0 a.m.70 views

📄 cPanel Authentication Manipulation / Session Injection

This Python script attempts to an authentication bypass against a cPanel login endpoint by crafting a modified login request and manipulating session-related data. Versions after 11.40 are affected...

9.8CVSS6AI score0.981EPSS
Exploits64
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:34 p.m.2 views

CVE-2026-39807

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

6.3CVSS5.8AI score0.00454EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/30 6:16 p.m.6 views

CVE-2026-36761

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS0.00155EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/29 12:33 p.m.17 views

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5116 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

3.1CVSS5.7AI score0.00236EPSS
Exploits0
Veracode
Veracode
added 2026/04/29 10:41 a.m.9 views

Default Security Bypass

Spring Boot is vulnerable to Default Security Bypass. The vulnerability is due to Spring Boot's default web security being ineffective, where an application with no Spring Security configuration and relying on the default web security filter chain can allow unauthorized access to all endpoints, a...

9.1CVSS5.3AI score0.00489EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2026/04/28 12:16 a.m.6 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1CVSS0.00489EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. Versions of VMware Spring Boot 4.0.0 to 4.0.5 have security vulnerabilities. These vulnerabilities stem from the default web security being ineffective, which may allow unauthorized access to all endpoints...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:34 p.m.2 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1CVSS5.3AI score0.00489EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/27 11:34 p.m.30 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1CVSS0.00489EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/27 9:17 p.m.5 views

Cross-site Scripting (XSS)

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Document embed editable process. An attacker can execute arbitrary scripts in the context of users viewing the rendered pag...

5.4CVSS5.8AI score0.00194EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.9 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which stems from the handling of parameter ID...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.5 views

PT-2026-35548

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Description Default web security in certain configurations is ineffective, allowing unauthorized and unauthenticated access to all endpoints. This occurs when a servlet-based web application relies on t...

9.1CVSS5.5AI score0.00489EPSS
Exploits0References15
Rows per page
Query Builder