Lucene search
+L

1366 matches found

cvelist
cvelist
added 2026/02/03 6:7 p.m.33 views

CVE-2026-25489 Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Ta...

6.1CVSS0.00283EPSS
Exploits1References4
cve
cve
added 2026/02/03 6:7 p.m.18 views

CVE-2026-25487

CVE-2026-25487 affects Craft Commerce (Craft CMS). A stored XSS flaw exists in the Tax Rates Name field displayed in the admin Store Management panel. Affected versions are 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1. The issue enables attackers with store settings/taxes permissions to injec...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/02/03 6:6 p.m.5 views

CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

6.1CVSS5.5AI score0.00253EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/02/03 6:6 p.m.3 views

CVE-2026-25485 Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...

6.2CVSS5.4AI score0.00261EPSS
Exploits1References4
osv
osv
added 2026/02/03 6:6 p.m.6 views

CVE-2026-25485 Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...

6.2CVSS5.5AI score0.00261EPSS
Exploits1References6
osv
osv
added 2026/02/02 10:51 p.m.3 views

GHSA-WQC5-485V-3HQH Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Store Management section is not properly sanitized before being displayed in the admin panel. Proof of Concept...

6.1CVSS5.8AI score0.00261EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2026/02/02 10:41 p.m.3 views

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

8.5CVSS8.4AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/02 10:41 p.m.40 views

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

8.5CVSS0.00262EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/02 8:50 p.m.5 views

CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...

6CVSS5.4AI score0.00222EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/02 8:50 p.m.8 views

CVE-2025-12680

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...

6CVSS5.4AI score0.00222EPSS
Exploits0References2
cvelist
cvelist
added 2026/02/02 8:50 p.m.28 views

CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...

6CVSS0.00222EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.12 views

PT-2026-5695

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...

6CVSS5.4AI score0.00222EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/22 7:23 a.m.9 views

CVE-2026-24016

The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...

8.4CVSS5.5AI score0.00143EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/18 1:13 a.m.14 views

CVE-2026-0518

CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console...

4.8CVSS6.1AI score0.00145EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/17 12:0 a.m.8 views

Absolute Secure Access security vulnerability

Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.20 contained a security vulnerability. This vulnerability allowed attackers wit...

4.8CVSS5.8AI score0.00145EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/13 10:52 p.m.6 views

CVE-2026-22601

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...

8.6CVSS7.5AI score0.00325EPSS
Exploits0References1
cve
cve
added 2026/01/12 6:0 a.m.15 views

CVE-2025-14579

The CVE-2025-14579 affects the Quiz Maker WordPress plugin (versions prior to 6.7.0.89). The issue is caused by insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact is S...

4.8CVSS5AI score0.00185EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 12:32 p.m.7 views

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/01/09 10:40 a.m.9 views

CVE-2022-35169

SAP BusinessObjects Business Intelligence Platform LCM - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on...

6.5CVSS6.9AI score0.00627EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:34 a.m.6 views

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

7.2CVSS7.1AI score0.00267EPSS
Exploits0References1
Rows per page
Query Builder