Lucene search
K

1463 matches found

CVE
CVE
added 2026/05/26 5:3 p.m.24 views

CVE-2026-44730

OpenCTI (open-source platform for threat intel) has a privilege-escalation vulnerability affecting the GraphQL API prior to version 6.9.7. An organization admin can elevate privileges by adding a user from a different organization with higher privileges to their own organization due to an incorre...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/26 5:3 p.m.50 views

CVE-2026-44730 OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 3:16 p.m.12 views

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6CVSS0.00641EPSS
Exploits0References7
NVD
NVD
added 2026/05/26 3:16 p.m.15 views

CVE-2026-41917

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS0.00387EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.9 views

CVE-2026-42785

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

OpenKM 代码注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

8.6CVSS6AI score0.00679EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Check Point Multi-Domain Management 安全漏洞

Check Point Multi-Domain Management is a centralized security management platform provided by Check Point Israel. Check Point Multi-Domain Management has a security vulnerability. This vulnerability arises from the fact that when compliance is enabled in the multi-domain management system, verifi...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42563

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Reflected Cross-Site Scripting XSS occurs in Legacy Pagination through HTML attribute injection. The ConcreteCoreLegacyPagination class constructs pagination links by raw-interpolating the $URL...

6CVSS5.8AI score0.00139EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have a security vulnerability. This vulnerability arises from failing to clean up the path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field...

9.4CVSS6.1AI score0.00738EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 p.m.10 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS0.00441EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 8:7 p.m.6 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS5.9AI score0.00441EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.7 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00448EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.39 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS0.00448EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

Movable Type 安全漏洞

Movable Type is a content management system developed by Movable Type Inc. There is a security vulnerability in Movable Type, which stems from a lack of authorization verification. This vulnerability may allow users without administrator privileges to log in and perform unexpected updates...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from low-privilege administrators with the view-clients role being able to exploit the evaluate-scopes management API endpoint by passing arbitrary...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.42 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.11 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.47 views

CVE-2026-7046 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS0.00355EPSS
Exploits0References11
NVD
NVD
added 2026/05/13 9:16 p.m.10 views

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS0.00415EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.12 views

CVE-2026-44856

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References1
Rows per page
Query Builder