Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this m...

2.4CVSS5.9AI score0.0059EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:45 p.m.44 views

CVE-2026-46407 Vvveb: admin/auth-token IDOR allows unauthorized disclosure of administrator REST API tokens

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...

8.1CVSS0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.26 views

PT-2026-37203

Name of the Vulnerable Software and Affected Versions Pelican versions 7.21.0 through 7.21.4 Pelican versions 7.22.0 through 7.22.2 Pelican versions 7.23.0 through 7.23.2 Pelican versions 7.24.0 through 7.24.1 Description A privilege escalation issue exists in the Web User Interface WebUI that...

9CVSS5.8AI score0.0032EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

Dgraph 信息泄露漏洞

Dgraph is an open-source, horizontally scalable distributed GraphQL database with a graphical backend. Versions of Dgraph prior to 25.3.3 had an information leakage vulnerability. This vulnerability stemmed from Dgraph exposing the process command line through unvalidated/debug/vars endpoints,...

9.8CVSS5.8AI score0.02187EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.11 views

Blinko 安全漏洞

Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained a security vulnerability. This vulnerability stemmed from an insecure direct object reference in the user.detail...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.8 views

Fleet cross-site scripting vulnerabilities

Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. Fleet has a cross-site scripting vulnerability. This vulnerability...

5.5CVSS5.7AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/13 7:43 a.m.4 views

CVE-2025-12870

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...

9.8CVSS7AI score0.0063EPSS
Exploits0References1
NVD
NVD
added 2025/11/12 8:15 a.m.5 views

CVE-2025-12870

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...

9.8CVSS0.0063EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/12 7:38 a.m.6 views

CVE-2025-12871 aEnrich|a+HRD - Authentication Abuse

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges...

9.8CVSS6.8AI score0.00589EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/12 7:38 a.m.10 views

CVE-2025-12871 aEnrich|a+HRD - Authentication Abuse

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges...

9.8CVSS0.00589EPSS
Exploits0References2
CVE
CVE
added 2025/11/12 7:38 a.m.9 views

CVE-2025-12871

CVE-2025-12871 concerns the aEnrich a+HRD product. The connected sources confirm an Authentication Abuse vulnerability where unauthenticated remote attackers can forge administrator access tokens and use them to gain elevated privileges on the system. The issue is attributed to the authentication...

9.8CVSS6.8AI score0.00589EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/12 7:35 a.m.20 views

CVE-2025-12870 aEnrich|eHRD - Authentication Abuse

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...

9.8CVSS0.0063EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A security vulnerability exists in aEnrich a+HRD that stems from authentication abuse and could allow an unauthenticated remote attacker to send specially crafted packets to obtain administrator access...

9.8CVSS7AI score0.0063EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.7 views

Restaurant Brands International assistant platform 安全漏洞

Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a createToken GraphQL mutation that...

9.9CVSS6.8AI score0.00668EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42714

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00394EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-50437

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References1
OSV
OSV
added 2025/06/30 7:35 p.m.8 views

GHSA-3M86-C9X3-VWM9 Graylog vulnerable to privilege escalation through API tokens

Impact Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...

8.8CVSS5.9AI score0.005EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/05/13 10:15 a.m.2 views

CVE-2025-40571

A vulnerability has been identified in Mendix OIDC SSO Mendix 10.12 compatible All versions V4.0.1, Mendix OIDC SSO Mendix 9 compatible All versions V3.3.1, Mendix OIDC SSO V4.2 Mendix 10 compatible All versions V4.2.1, Mendix OIDC SSO V4.3 Mendix 10 compatible All versions. The Mendix OIDC SSO...

2.2CVSS5.7AI score0.00232EPSS
Exploits0References2
Huntr
Huntr
added 2025/03/31 2:13 p.m.5 views

XSS vulnerability exists in some specific browsers

Description The XSS vulnerability cannot be triggered in Chrome, but it is triggered when using Firefox and the latest version of Firefox. Since Firefox is widely used, when the administrator uses Firefox to view the relevant interface, the XSS vulnerability will be triggered, resulting in the...

8CVSS6AI score0.00341EPSS
Exploits1
OSV
OSV
added 2025/01/10 10:15 p.m.5 views

CVE-2024-9188

Specially constructed queries cause cross platform scripting leaking administrator tokens...

8.8CVSS5.6AI score0.00473EPSS
Exploits0References1
Rows per page
Query Builder