Lucene search
K

40652 matches found

Nuclei
Nuclei
added 9 hours ago50 views

XWiki >= 2.5-milestone-2 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02268EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago115 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.04863EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-21052

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-44342

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 3 days ago18 views

CVE-2026-44342

CVE-2026-44342 describes a CSRF vulnerability in the New API where GET requests on state-changing endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind could allow an attacker to bind an email or OAuth identity for a logged-in user when session cookies are susceptible to cross-site n...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-44342 New API CSRF in email and WeChat account binding endpoints

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-44342

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00437EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-10698

CVE-2026-10698 is an Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer, specifically affecting the Custom Reports module . Affected versions are MOVEit Transfer 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 5 days ago4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-14792

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS0.00366EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-14792

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55855

Name of the Vulnerable Software and Affected Versions Formbricks version 5.0.0 Description Improper access controls exist within the Survey Handler component, specifically affecting a function in the apps/web/modules/survey/link/actions.ts file. This flaw allows for remote exploitation...

6.9CVSS6.7AI score0.00366EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 6 days ago9 views

Debian dla-4669 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Debian dsa-6376 : openvpn - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6376 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 [email protected] https://www.debian.org/securit...

7.5CVSS7AI score0.00549EPSS
Exploits0References14
OSV
OSV
added 2026/07/03 12:0 a.m.4 views

UBUNTU-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
Circl
Circl
added 2026/07/01 11:42 p.m.11 views

CVE-2026-14086

creationtimestamp| type| source ---|---|--- 2026-07-01 23:42:18+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmoyxxmt22y 2026-07-01 23:42:21+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpmoz3vl3a2l 2026-07-02 07:51:58+00:00| seen|...

8.8CVSS5.9AI score0.00303EPSS
Exploits0References8
Circl
Circl
added 2026/07/01 9:48 p.m.9 views

CVE-2026-14102

creationtimestamp| type| source ---|---|--- 2026-07-01 21:48:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpminn4tbe2q 2026-07-01 21:48:39+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpminqz6hj2g 2026-07-02 08:15:24+00:00| seen|...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References4
Circl
Circl
added 2026/07/01 10:52 a.m.12 views

CVE-2026-27435

creationtimestamp| type| source ---|---|--- 2026-07-01 10:52:45+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpldyxfiem2r 2026-07-01 11:37:52+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgjmmcz222 2026-07-01 13:12:45+00:00| seen|...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References4
Rows per page
Query Builder