Lucene search
K

2939 matches found

Nuclei
Nuclei
added yesterday17 views

WordPress Advanced Access Manager - Path Traversal

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...

9.8CVSS7AI score0.02734EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago37 views

Zoho ManageEngine - Access Control Bypass

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...

9.8CVSS7.1AI score0.83321EPSS
Exploits1References3
Nuclei
Nuclei
added 4 days ago287 views

Oracle Access Manager - Remote Code Execution

The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...

9.8CVSS7.1AI score0.96284EPSS
Exploits5References5
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

7.5CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 2:1 p.m.35 views

CVE-2026-11877 Missing Authorization Vulnerability in OpenText Access Manager

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

6.3CVSS0.00178EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:1 p.m.5 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

7.5CVSS5.9AI score0.00178EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 2:1 p.m.30 views

CVE-2026-11877

CVE-2026-11877 affects OpenText Access Manager prior to 5.1.3. An unauthorised user can modify configuration via API calls, indicating a missing authorization vulnerability. Supported details show the impact is at the configuration level (no data leakage described) with remote network access requ...

7.5CVSS5.9AI score0.00178EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 2:1 p.m.9 views

EUVD-2026-38792

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 2:1 p.m.7 views

EUVD-2026-38791

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 2:1 p.m.35 views

CVE-2026-11878 Reflected Cross-Site Scripting vulnerability in OpenText Access Manager

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:1 p.m.5 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 2:1 p.m.8 views

CVE-2026-11878

CVE-2026-11878 describes a reflected Cross-Site Scripting (XSS) vulnerability in OpenText Access Manager, affecting the Access Manager releases 5.1 through 5.1.2. The issue arises from improper neutralization of input during web page generation, enabling XSS. According to the provided metrics, th...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51819

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions prior to 5.1.3 Description An unauthorized user can modify configuration through API calls, which impacts the OpenText Access Manager. Recommendations Update OpenText Access Manager to version 5.1.3 or later...

6.3CVSS5.8AI score0.00178EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/19 11:10 a.m.130 views

Zoho ManageEngine - Remote Code Execution

Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

9.8CVSS8.1AI score0.9994EPSS
Exploits5References5
NVD
NVD
added 2026/06/17 10:53 a.m.10 views

CVE-2026-46812

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.13 views

CVE-2026-35314

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Acces...

7.3CVSS0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.11 views

CVE-2026-35313

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

9.9CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.13 views

CVE-2026-35261

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.5CVSS0.00272EPSS
Exploits0References1
Rows per page
Query Builder