Lucene search
K

108695 matches found

Circl
Circl
added yesterday8 views

CVE-2026-56372

creationtimestamp| type| source ---|---|--- 2026-07-11 14:38:58+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqevco3uzu26 2026-07-11 15:40:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqeyqtibnl27...

4.8CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday8 views

CVE-2026-61428

creationtimestamp| type| source ---|---|--- 2026-07-11 14:35:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev3wf3rx2a 2026-07-11 16:17:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqf2swit5a26...

7.3CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday7 views

CVE-2026-12103

creationtimestamp| type| source ---|---|--- 2026-07-11 07:34:29+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5lme3vf27 2026-07-11 08:27:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqeak6gj4c2z...

4.3CVSS6.1AI score0.00267EPSS
Exploits0References2
Circl
Circl
added yesterday7 views

CVE-2026-11591

creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:35+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5i7gwfo22 2026-07-11 08:17:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe7xzwjop2g...

4.4CVSS6.1AI score0.00251EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday11 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS6.6AI score0.01438EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday116 views

Versa Concerto API Path Based - Authentication Bypass

Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources. id: CVE-2025-34027 info:...

10CVSS7.1AI score0.35993EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday15 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS6.2AI score0.00583EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday38 views

RosarioSIS 6.7.2 - Cross-Site Scripting

RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...

6.1CVSS6.5AI score0.06325EPSS
Exploits2
Nuclei
Nuclei
added yesterday17 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

6.1CVSS6.2AI score0.01778EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.3AI score0.3436EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday148 views

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...

5.8CVSS6.2AI score0.02676EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday99 views

Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

6.1CVSS6.3AI score0.2406EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday11 views

URL Shortify <= 1.12.1 - Open Redirect

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

4.7CVSS6.1AI score0.00592EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday18 views

FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...

6.1CVSS6.4AI score0.0077EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday26 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5.3AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday24 views

WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

6.4CVSS6.2AI score0.06283EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday67 views

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

6.1CVSS6.5AI score0.10692EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday15 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday187 views

XWiki >= 6.2-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02377EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday107 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the dataredirecturl parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-43325 info: name: MooSocial 3.1.8 - Cross-Sit...

6.1CVSS6.4AI score0.01857EPSS
Exploits4References5
Rows per page
Query Builder