Lucene search
K

105 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 9:18 p.m.5 views

CVE-2026-43918

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:0 p.m.8 views

CVE-2026-52781

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted data- attributes via :data wildcard. An attacker injects data-controller="poll-for-changes" into a work package description, causing Stimulus.js to mount ...

6.4CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 10:16 p.m.13 views

CVE-2026-48505

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...

7.4CVSS0.00193EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 3:4 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writer field's link and email marks. An attacker can execute arbitrary JavaScript code in the context of the authenticated user's browser session by injecting a malicious link and tricking the user into...

7.4CVSS5.9AI score0.00289EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 9:33 p.m.22 views

CVE-2026-45173

The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...

8.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47017

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. An OS command injection exists in the "/ssh/file manager/ssh/resolvePath" endpoint. T...

9.9CVSS6AI score0.02008EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/05/27 7:33 a.m.32 views

CVE-2026-49001 Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS0.00109EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 9:16 p.m.20 views

CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

9.3CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 3:16 p.m.18 views

CVE-2018-25363

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.10 views

CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.9 views

CVE-2018-25363

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.25 views

CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS0.00199EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 2:15 p.m.11 views

EUVD-2018-21887

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.20 views

CVE-2018-25363

CVE-2018-25363 – Twitter-Clone 1 CSRF : The vulnerability allows remote attackers to coerce authenticated users into deleting posts by crafting hidden HTML forms targeting tweetdel.php with tweet IDs and auto-submitting them. The issue arises from a cross-site request forgery that can delete arbi...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.10 views

PT-2026-43216

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

Linkwarden 跨站脚本漏洞

Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Versions of Linkwarden 2.14.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the archive upload endpoint accepting HTML files without cleaning JavaScript...

8.8CVSS5.8AI score0.00458EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 11:10 p.m.5 views

CVE-2026-42455

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...

8.8CVSS6AI score0.00458EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/05 1:33 p.m.7 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the browser interaction routes process. An attacker can access unauthorized internal or external resources by bypassing policy enforcement through existing...

7.7CVSS5.8AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25348

A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...

6.9CVSS5.8AI score0.00283EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

SenseLive X3050 代码问题漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a code vulnerability that stems from improper execution of the Web management interface’s session lifecycle. This issue allows authenticated...

6.9CVSS6AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder