Lucene search
K

1813 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Palo Alto Networks Broker VM 输入验证错误漏洞

Palo Alto Networks Broker VM is a cloud security broker virtual machine component developed by Palo Alto Networks. There is a vulnerability in the input validation of Palo Alto Networks Broker VM, which allows authenticated administrators to inject arbitrary content into certain fields of the...

4.8CVSS5.9AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Easy2Pilot 跨站请求伪造漏洞

Easy2Pilot is a customer and property management platform developed by Easy2Pilot Inc., aimed at real estate agents and property sales professionals. Easy2Pilot has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow...

5.1CVSS5.7AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from permission management issues...

7.1CVSS5.6AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Palo Alto Networks PAN-OS 操作系统命令注入漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a vulnerability in PAN-OS related to command injection. This vulnerability stems from multiple command injections, which may allow authenticated administrators to bypass system...

8.6CVSS6.1AI score0.01336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from a directory traversal...

6.9CVSS5.8AI score0.00886EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from insecure server-side template injections in multiple modules. The application evaluated user input directly through the...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29848

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References3
EUVD
EUVD
added 2026/05/12 9:31 p.m.14 views

EUVD-2026-29762

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 8:43 p.m.9 views

CVE-2026-44403 Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:50 p.m.8 views

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 9:29 a.m.6 views

CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.00195EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/12 9:29 a.m.76 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00195EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

7.2CVSS5.9AI score0.00315EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

7.2CVSS5.9AI score0.00315EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

7.2CVSS5.9AI score0.00315EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

SAP NetWeaver ABAP Platform和SAP NetWeaver Application Server for ABAP 命令注入漏洞

SAP NetWeaver ABAP Platform and SAP NetWeaver Application Server for ABAP are both products of SAP, a German company. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP NetWeaver Application Server for ABAP is a core application server platform. Both SAP NetWeaver ABAP Platform...

6.5CVSS5.9AI score0.01398EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Adobe Commerce 路径遍历漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40434

Name of the Vulnerable Software and Affected Versions Wing FTP Server version 8.1.2 Description An authenticated remote code execution issue exists in the session serialization mechanism. Authenticated administrators can inject arbitrary Lua code through the domain admin mydirectory field. This...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References7
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

SAP Forecasting and Replenishment 命令注入漏洞

SAP Forecasting and Replenishment is a demand forecasting and inventory replenishment management system developed by SAP, a German company, for retail and supply chain scenarios. SAP Forecasting and Replenishment has a command injection vulnerability. This vulnerability stems from OS command...

8.2CVSS6.2AI score0.00199EPSS
Exploits0References1
Rows per page
Query Builder