Lucene search
K

7727 matches found

Nuclei
Nuclei
added 18 hours ago29 views

i-Panel Administration System 2.0 - Cross-Site Scripting

i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console. id: CVE-2021-41878 info: name: i-Panel Administration System 2.0 - Cross-Site Scripting author: madrobot severity: medium...

6.1CVSS6.6AI score0.09912EPSS
Exploits4References5
Nuclei
Nuclei
added 18 hours ago42 views

WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...

6.1CVSS6.3AI score0.02187EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago5 views

Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager

Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...

8.8CVSS7.5AI score0.00331EPSS
Exploits1Affected Software5
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-53323

A flaw was found in the Linux kernel's Distributed Switch Architecture DSA subsystem. Redundant locking operations within the DSA conduit ethtool wrappers can lead to a deadlock. A local attacker can exploit this by using the ethtool -i command, causing the system to become unresponsive and...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-53322

A flaw was found in the Linux kernel's vfio/pci subsystem. During device shutdown, an improper order of operations in cleaning up Direct Memory Access Buffers DMABUFs before disabling the function creates a brief window. In this window, a device's Base Address Registers BARs could still be access...

8.8CVSS5.7AI score0.00174EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-53294

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

0.00177EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.5 views

CVE-2026-53294

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

5.7AI score0.00177EPSS
Exploits0
NVD
NVD
added 2026/06/26 8:16 a.m.8 views

CVE-2026-57876

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 11:6 p.m.4 views

CVE-2026-53196

A flaw was found in the Linux kernel's ioti USB serial driver. A malicious USB device, when plugged into a host running this driver, can exploit a heap overflow vulnerability in the getmanufinfo function. This occurs because the driver does not properly validate the size of data read from the...

6.8CVSS6.2AI score0.00282EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The lock-range check for files with equal size is skipped, to avoid underflow when size == 0. When size equals the current isize including 0, the code that calls checklockrangefilp, isize, size - 1, WRITE will compute size...

5.9AI score0.00168EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fixed a potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can originate from the user space of the hidraw driver, and is bounded ...

7.8CVSS6AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51660

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.01684EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

5.4CVSS5.8AI score0.00104EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.3 views

Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.3 views

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

5.4CVSS5.8AI score0.00104EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...

8.6CVSS5.7AI score0.00139EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.3 views

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

5.4CVSS5.8AI score0.00104EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
Rows per page
Query Builder