
120568 matches found

ATTACKERKB
added 2026/06/22 1:40 p.m., 3 views

CVE-2026-6062

Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17 fail to validate channel ownership of an existing subscription before applying edits, which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

CVSS 6.4, AI score 5.9, EPSS 0.00153
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/06/22 1:40 p.m., 18 views

CVE-2026-6062

CVE-2026-6062 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, and 10.11.x ≤ 10.11.17. The issue is a logic flaw where the system fails to validate channel ownership of an existing subscription before applying edits, enabling an authenticated attacker to hijack subsc...

CVSS 6.4, AI score 5.9, EPSS 0.00153
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/06/22 1:34 p.m., 12 views

CVE-2026-5139

Mattermost plugin vulnerability CVE-2026-5139 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue arises in the /gitlab connect command handler where administrator authorization is not enforced for the setDefaultInstance call, allowing any ...

CVSS 5.4, AI score 5.9, EPSS 0.0017
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/06/22 1:34 p.m., 7 views

EUVD-2026-38246

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

CVSS 5.4, AI score 5.9, EPSS 0.0017
Exploits: 0, References: 1

CVE
added 2026/06/22 1:20 p.m., 22 views

CVE-2025-33128

The CVE-2025-33128 affects IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). Affected versions are 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007. The issue is a cross-site scripting (XSS) vulnerability in the Web UI that lets an authent...

CVSS 5.4, AI score 5.5, EPSS 0.00139
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/06/22 1:20 p.m., 39 views

CVE-2025-33128 IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 5.4, EPSS 0.00139
Exploits: 0, References: 1

EUVD
added 2026/06/22 1:18 p.m., 6 views

EUVD-2026-38241

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

CVSS 7.7, AI score 5.9, EPSS 0.00394
Exploits: 0, References: 1

AlpineLinux
added 2026/06/22 1:18 p.m., 5 views

CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

CVSS 7.7, AI score 5.9, EPSS 0.00394
Exploits: 0

Cvelist
added 2026/06/22 12:54 p.m., 28 views

CVE-2026-56448 Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

CVSS 8.3, EPSS 0.00292
Exploits: 0, References: 1

EUVD
added 2026/06/22 12:54 p.m., 7 views

EUVD-2026-38238

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

CVSS 8.3, AI score 6, EPSS 0.00292
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/22 12:54 p.m., 5 views

CVE-2026-56448

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

CVSS 8.3, AI score 6, EPSS 0.00292
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/22 12:39 p.m., 3 views

CVE-2026-56447

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

CVSS 9.3, AI score 6.4, EPSS 0.00342
Exploits: 0, References: 2

CVE
added 2026/06/22 12:31 p.m., 15 views

CVE-2026-56446

MISP is affected by CVE-2026-56446 where an authenticated site administrator could configure an arbitrary filesystem path for the NDJSON error log via JsonLogTool. Logged data can contain attacker-controlled content, enabling direction of log output to a web-accessible PHP file and potentially in...

CVSS 8.7, AI score 6.6, EPSS 0.00383
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/06/22 9:26 a.m., 6 views

CVE-2026-12580

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

CVSS 5.4, AI score 6, EPSS 0.00168
Exploits: 0, References: 3

EUVD
added 2026/06/22 9:26 a.m., 10 views

EUVD-2026-38222

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

CVSS 5.4, AI score 6, EPSS 0.00168
Exploits: 0, References: 2

Cvelist
added 2026/06/22 9:26 a.m., 32 views

CVE-2026-12580 Digiwin|EasyFlow .NET - Stored Cross-Site Scripting

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

CVSS 5.4, EPSS 0.00168
Exploits: 0, References: 2

CVE
added 2026/06/22 9:26 a.m., 11 views

CVE-2026-12580

CVE-2026-12580 affects Digiwin EasyFlow .NET. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw that permits authenticated remote attackers to inject persistent JavaScript code which executes in users’ browsers when a page loads. Impact is described as allowing the attacker to cause u...

CVSS 5.4, AI score 6, EPSS 0.00168
Exploits: 0, References: 2

Cvelist
added 2026/06/22 7:47 a.m., 34 views

CVE-2025-62198 Apache Atlas: Stored XSS in Create Entity page

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue...

EPSS 0.00315
Exploits: 0, References: 1

CVE
added 2026/06/22 7:47 a.m., 17 views

CVE-2025-62198

CVE-2025-62198 affects Apache Atlas versions 2.4.0 and earlier. The issue is a stored XSS on the Create Entity page that can be triggered by an authenticated user. Affected software is clearly specified as Apache Atlas; the root cause is a stored XSS in the Create Entity flow. The recommended mit...

CVSS 5.4, AI score 5.8, EPSS 0.00315
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/06/22 6:0 a.m., 32 views

CVE-2026-8157 Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

EPSS 0.00237
Exploits: 0, References: 1