Lucene search
K

137 matches found

Cvelist
Cvelist
added 2026/02/18 1:12 p.m.21 views

CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS0.00204EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/17 6:30 p.m.2 views

Injection

Overview Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation There is no fixed versio...

7.5CVSS5.6AI score0.00364EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/17 6:2 p.m.3 views

CVE-2026-1050

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/17 6:2 p.m.4 views

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References6
OSV
OSV
added 2026/01/17 6:2 p.m.3 views

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

6.9CVSS6.6AI score0.00364EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/01/17 6:2 p.m.27 views

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS0.00364EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/17 12:0 a.m.8 views

Digital-infrastructure SQL injection vulnerabilities

Digital-Infrastructure is an open-source management platform developed by Risesoft. Versions of Digital-Infrastructure 9.6.7 and earlier contain a SQL injection vulnerability. This vulnerability stems from incorrect operations on the component REST Authenticate Endpoint located in the file...

7.5CVSS7.1AI score0.00364EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.5 views

PT-2026-3745

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS7AI score0.00364EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.5 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

5.1CVSS7.2AI score0.00214EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1871

Name of the Vulnerable Software and Affected Versions GL.Inet AX1800 versions 4.6.4 through 4.6.8 Description The LuCI web interface on GL.Inet AX1800 devices lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. This allows an unauthenticated attacker on...

5.1CVSS6.9AI score0.00214EPSS
Exploits1References7
CVE
CVE
added 2026/01/08 12:0 a.m.16 views

CVE-2025-67090

GL.iNet AX1800 devices running firmware 4.6.4 or 4.6.8 are affected by CVE-2025-67090 due to lack of rate limiting or account lockout on the LuCI authentication endpoint (/cgi-bin/luci). This allows an unauthenticated attacker on the local network to perform unlimited password attempts against th...

5.1CVSS6.8AI score0.00214EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.9 views

CVE-2025-15106

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS6.5AI score0.00323EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/27 12:30 p.m.4 views

EUVD-2025-205474

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS6.2AI score0.00323EPSS
Exploits1References5
NVD
NVD
added 2025/12/27 11:15 a.m.13 views

CVE-2025-15106

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS0.00323EPSS
Exploits1References4
CVE
CVE
added 2025/12/27 10:32 a.m.17 views

CVE-2025-15106

The CVE-2025-15106 vulnerability affects the getmaxun project’s Authentication Endpoint, specifically the router.get in file server/src/routes/auth.ts. The underlying issue is improper authorization caused by manipulation of router.get, with remote exploit potential and a publicly available explo...

6.5CVSS6.3AI score0.00323EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/27 10:32 a.m.22 views

CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS0.00323EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/27 10:32 a.m.4 views

CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS6.3AI score0.00323EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/27 12:0 a.m.7 views

PT-2025-53618

Name of the Vulnerable Software and Affected Versions getmaxun versions prior to 0.0.28 Description A weakness exists in the Authentication Endpoint component of getmaxun. Specifically, the router.get function within the server/src/routes/auth.ts file is susceptible to improper authorization due ...

6.5CVSS6.5AI score0.00323EPSS
Exploits1References10
Snyk
Snyk
added 2025/12/15 12:30 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the \authentication\ file. An attacker can inject and execute arbitrary scripts by submitting crafted input to the affected endpoint. Details Cross-site scripting or XSS is a code vulnerability that occurs...

6.1CVSS5.4AI score0.00392EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/11/29 9:40 p.m.162 views

Exploit for CVE-2025-65899

CVE-2025-65899: Kalmia CMS v0.2.0 - is vulnerable to Observab...

7.3AI score0.00314EPSS
Exploits3
Rows per page
Query Builder