Lucene search
K

1754 matches found

NVD
NVD
added 2026/04/20 7:16 p.m.7 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS0.00191EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/20 7:16 p.m.3 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS5.8AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/04/20 7:16 p.m.4 views

UBUNTU-CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS5.8AI score0.00191EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/20 6:20 p.m.2 views

CVE-2026-6060 Possible DoS via SQL Box

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS5.7AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 6:20 p.m.35 views

CVE-2026-6060 Possible DoS via SQL Box

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 6:20 p.m.4 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS5.7AI score0.00191EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33824

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS5.7AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 2026/04/14 4:16 p.m.7 views

CVE-2025-65136

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...

6.1CVSS0.00181EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/14 1:18 a.m.8 views

EUVD-2026-22192

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...

5.1CVSS6AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.2 views

PT-2026-32166

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

7.1CVSS6AI score0.00342EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.3 views

Keycloak < 26.4.11 Multiple Vulnerabilities

Keycloak versions installed prior to 26.4.11 are affected by multiple vulnerabilities: - A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an...

4.2CVSS5.8AI score0.00275EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 4:16 p.m.5 views

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

5.4CVSS0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/07 5:7 p.m.3 views

CVE-2026-33404

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

6.1CVSS5.9AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.5 views

CVE-2026-33403

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected DOM-based XSS vulnerability in taillog.js allows an unauthenticated attacker to inject arbitrary HTML into the Pi-hole admin interface...

6.1CVSS6AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.5 views

CVE-2026-33406

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

6.1CVSS6AI score0.00254EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 4:16 p.m.10 views

CVE-2026-33405

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a...

4.8CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 3:17 p.m.6 views

CVE-2026-33404

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

6.1CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 3:17 p.m.11 views

CVE-2026-33406

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

6.1CVSS0.00254EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 2:50 p.m.3 views

EUVD-2026-19285

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

5.4CVSS6AI score0.00254EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 2:50 p.m.18 views

CVE-2026-33406

Pi-hole Admin Interface (6.0–before 6.5) contains a stored HTML attribute injection in the /api/config values embedded into HTML value="" attributes via settings-advanced.js, enabling attribute-level manipulation. The root cause is unescaped config values, which can break out of the attribute con...

6.1CVSS6AI score0.00254EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder