40652 matches found
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
CVE-2026-21052
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...
CVE-2026-44342
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...
CVE-2026-44342
CVE-2026-44342 describes a CSRF vulnerability in the New API where GET requests on state-changing endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind could allow an attacker to bind an email or OAuth identity for a logged-in user when session cookies are susceptible to cross-site n...
CVE-2026-44342 New API CSRF in email and WeChat account binding endpoints
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...
CVE-2026-44342
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...
CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...
CVE-2026-10698
CVE-2026-10698 is an Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer, specifically affecting the Custom Reports module . Affected versions are MOVEit Transfer 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...
CVE-2026-14792
A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...
CVE-2026-14792
A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...
PT-2026-55855
Name of the Vulnerable Software and Affected Versions Formbricks version 5.0.0 Description Improper access controls exist within the Survey Handler component, specifically affecting a function in the apps/web/modules/survey/link/actions.ts file. This flaw allows for remote exploitation...
Debian dla-4669 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...
Debian dsa-6376 : openvpn - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6376 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 [email protected] https://www.debian.org/securit...
UBUNTU-CVE-2026-50722
Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...
CVE-2026-14086
creationtimestamp| type| source ---|---|--- 2026-07-01 23:42:18+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmoyxxmt22y 2026-07-01 23:42:21+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpmoz3vl3a2l 2026-07-02 07:51:58+00:00| seen|...
CVE-2026-14102
creationtimestamp| type| source ---|---|--- 2026-07-01 21:48:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpminn4tbe2q 2026-07-01 21:48:39+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpminqz6hj2g 2026-07-02 08:15:24+00:00| seen|...
CVE-2026-27435
creationtimestamp| type| source ---|---|--- 2026-07-01 10:52:45+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpldyxfiem2r 2026-07-01 11:37:52+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgjmmcz222 2026-07-01 13:12:45+00:00| seen|...