Lucene search
K

27760 matches found

Nuclei
Nuclei
added 13 hours ago126 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS6.8AI score0.54872EPSS
Exploits5References3
Nuclei
Nuclei
added 13 hours ago74 views

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

10CVSS7.2AI score0.13227EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago137 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
EUVD
EUVD
added 16 hours ago5 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score
Exploits0References2
EUVD
EUVD
added 16 hours ago4 views

EUVD-2026-43055

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score
Exploits0References2
EUVD
EUVD
added 16 hours ago4 views

EUVD-2026-43058

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-15087

CVE-2026-15087 concerns Drupal Clean RESTful; the provided documents identify a vulnerability and classify it as Critical/Unsupported via SA-CONTRIB-2026-078, but concrete technical details (affected versions, vulnerable component/function, exploit path, impact, or a patch) are not provided in th...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-15084

CVE-2026-15084 is a Stored XSS vulnerability in Drupal UI Patterns (SDC in Drupal UI). Affects UI Patterns (SDC in Drupal UI) versions 2.0.0 through 2.0.17. The issue is due to improper neutralization of input during web page generation. Public references indicate SA-CONTRIB-2026-075 describes th...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday19 views

CVE-2026-13243

The Drupal Salesforce Suite CSRF CVE-2026-13243 affects the Salesforce integration in Drupal via the Salesforce module, with the vulnerability stemming from improper validation of the OAuth handshake during interactive authentication. This can allow an attacker to hijack the authorization token a...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-13239

CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-13237

The CVE-2026-13237 entry describes an Incorrect Authorization vulnerability in Drupal AI Agents that enables forceful browsing and potential information disclosure. Affected are Drupal AI Agents versions: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. Root cause is improper access control within the ...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday17 views

CVE-2026-11909

CVE-2026-11909 concerns a missing authorization vulnerability in the Drupal Examples for Developers project, specifically in the file handling behavior exposed by the file_example submodule. The issue enables forceful browsing by allowing access to files PHP can reach, across Examples for Develop...

6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42953

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure bu...

6.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS0.00157EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42721

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-57023

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...

8.7CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-33803

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS0.00354EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-57054

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...

6.9CVSS6AI score0.00347EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago42 views

CVE-2026-57031

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago13 views

CVE-2026-57029

CVE-2026-57029 describes a missing synchronization vulnerability in the flow collector handler of Junos OS Evolved on QFX Series. When the reachability of an sFlow collector changes, updating the next-hop entry can race with the sFlow thread accessing the same data, causing the evo-pfemand proces...

6CVSS6AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder