
UbuntuCve
added 2026/04/06 3:17 p.m., 2 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

7.2 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits 0, References 2
CVE
added 2026/04/06 2:31 p.m., 6 views

CVE-2026-25932

GLPI (free Asset and IT Management Software) is affected from versions 0.60 up to before 10.0.24. The root cause is improper output encoding/escaping in the Website field of the supplier component, allowing an authenticated technician to store an XSS payload. Impact stated across sources includes...

7.2 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits 0, References 1, Affected Software 1
EUVD
added 2026/03/13 8:00 p.m., 2 views

EUVD-2026-11720

OneUptime: Stored XSS via Mermaid Diagram Rendering securityLevel: "loose"...

7.6 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits 1, References 2
EUVD
added 2026/03/13 8:00 p.m., 2 views

EUVD-2026-11719

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...

9.9 CVSS, 5.9 AI score, 0.00528 EPSS
Exploits 1, References 2
NVD
added 2026/03/13 7:54 p.m., 3 views

CVE-2026-32308

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6 CVSS, 0.00053 EPSS
Exploits 1, References 1
CNNVD
added 2026/03/13 12:00 a.m., 4 views

OneUptime cross-site scripting vulnerability

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.23 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown viewer component rendering Mermaid...

7.6 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 1, References 1
OSV
added 2026/03/12 9:29 p.m., 3 views

CVE-2026-32308 OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6 CVSS, 6 AI score, 0.00053 EPSS
Exploits 1, References 3
CVE
added 2026/03/12 9:29 p.m., 26 views

CVE-2026-32308

OneUptime prior to version 10.0.23 is affected by a Stored XSS in the Markdown viewer’s Mermaid diagram rendering. The renderer uses securityLevel: "loose" and injects Mermaid SVG output via innerHTML, allowing interactive bindings and enabling XSS via Mermaid’s click directive to execute arbitra...

7.6 CVSS, 6 AI score, 0.00053 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2026/03/12 9:29 p.m., 30 views

CVE-2026-32308 OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6 CVSS, 0.00053 EPSS
Exploits 1, References 1
CVE
added 2026/03/12 9:27 p.m., 18 views

CVE-2026-32306

CVE-2026-32306 affects OneUptime prior to 10.0.23. The telemetry aggregation API interpolates user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName into ClickHouse queries via .append() with no allowlist, parameterized binding, or input validation. An authentica...

9.9 CVSS, 6.6 AI score, 0.00528 EPSS
Exploits 1, References 1, Affected Software 1
Positive Technologies
added 2026/03/12 12:00 a.m., 1 view

PT-2026-25085

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9 CVSS, 6.9 AI score, 0.00528 EPSS
Exploits 1, References 16
Positive Technologies
added 2026/03/12 12:00 a.m., 3 views

PT-2026-25086

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6 CVSS, 6 AI score, 0.00053 EPSS
Exploits 1, References 3
RedhatCVE
added 2026/02/05 7:23 p.m., 9 views

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

8.8 CVSS, 5.6 AI score, 0.00062 EPSS
Exploits 0, References 1
NVD
added 2026/02/04 6:16 p.m., 4 views

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

8.8 CVSS, 0.00062 EPSS
Exploits 0, References 2
OSV
added 2026/02/04 6:16 p.m., 5 views

UBUNTU-CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

8.8 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits 0, References 4
Cvelist
added 2026/02/04 5:15 p.m., 24 views

CVE-2026-22044 GLPI is Vulnerable to Authenticated SQL Injection

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

6.5 CVSS, 0.00062 EPSS
Exploits 0, References 2
OSV
added 2026/02/04 5:15 p.m., 4 views

CVE-2026-22044 GLPI is Vulnerable to Authenticated SQL Injection

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

6.5 CVSS, 5.6 AI score, 0.00062 EPSS
Exploits 0, References 4
CVE
added 2026/02/04 5:15 p.m., 18 views

CVE-2026-22044

GLPI vulnerable to authenticated SQL injection from versions 0.85 up to, but excluding, 10.0.23. An authenticated user can exploit the flaw to perform a SQL injection; the issue has been patched in version 10.0.23. Affected component is the database query handling that allows injection when alrea...

8.8 CVSS, 5.6 AI score, 0.00062 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/02/04 5:15 p.m., 3 views

CVE-2026-22044 GLPI is Vulnerable to Authenticated SQL Injection

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

6.5 CVSS, 5.6 AI score, 0.00062 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/02/04 5:15 p.m., 5 views

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

6.5 CVSS, 5.6 AI score, 0.00062 EPSS
Exploits 0, References 3, Affected Software 1