Lucene search
K

2999 matches found

Nuclei
Nuclei
added 16 hours ago108 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS5.8AI score0.00848EPSS
Exploits2References1
NVD
NVD
added yesterday5 views

CVE-2025-53829

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39596

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52983

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the item type administration page. An authenticated remote attacker with administrator privileges can inject arbitrary web...

5.4CVSS6AI score0.00196EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.7 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.8AI score0.00196EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52981

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the patron restriction type administration page. An authenticated remote attacker with administrator privileges can inject...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.41 views

CVE-2026-13083 Pen-drive: pen-drive: stored xss via unescaped cluster data in html report

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00184EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 p.m.8 views

CVE-2026-22313

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS0.00921EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49827

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device features a webserver that exposes a REST API authenticated via a token on the management network. An authenticated attacker can exploit an OS command...

9.1CVSS6.2AI score0.00921EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2026-38812

CVE-2026-38812 affects RuoYi v4.8.2. The vulnerability is a SQL Injection in the code generation module triggered via the /tool/gen/createTable endpoint. It can be exploited by an authenticated attacker with administrative privileges to access sensitive database information. The recorded CVSS3.1 ...

9.8CVSS5.9AI score0.00393EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 2:27 a.m.12 views

EUVD-2026-36377

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48820

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 2:34 p.m.31 views

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 2:34 p.m.11 views

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 2:34 p.m.9 views

EUVD-2026-36250

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from users who had access to manage servers but did not have management roles or administrator...

7.5CVSS5.6AI score0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 5:21 p.m.51 views

CVE-2026-8913

The CVE affects Archer MR600 v5, specifically the WireGuard client configuration exposed via the web management interface. It enables command injection through improper neutralization of user-controlled input when applying configuration changes. An authenticated administrator can execute arbitrar...

8.5CVSS6AI score0.00907EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Keycloak 授权问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from improper access control in the POST /admin/realms/realm/partialImport endpoint, which may allow limited administrators to bypass...

5.9AI score0.00329EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.11 views

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

7.8CVSS6.3AI score0.25323EPSS
Exploits2References1
Rows per page
Query Builder