Lucene search
+L

878 matches found

nvd
nvd
added yesterday4 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
attackerkb
attackerkb
added yesterday3 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS6.1AI score
Exploits0References4Affected Software1
nuclei
nuclei
added yesterday33 views

Trinity Audio <= 5.21.0 - Information Exposure

The Trinity Audio Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

5.3CVSS6.1AI score0.00937EPSS
Exploits1References2
nuclei
nuclei
added yesterday17 views

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...

5.3CVSS6.1AI score0.00892EPSS
Exploits0References2
nuclei
nuclei
added yesterday57 views

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

7.5CVSS6.9AI score0.03096EPSS
Exploits1References2
nvd
nvd
added 2 days ago3 views

CVE-2026-15429

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS0.00394EPSS
Exploits0References2
nvd
nvd
added 6 days ago6 views

CVE-2026-57474

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS0.00279EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/06 8:12 a.m.8 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References3
ossf
ossf
added 2026/06/29 5:51 a.m.9 views

Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
redhat
redhat
added 2026/06/24 4:29 p.m.14 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

9.8CVSS5.9AI score0.02719EPSS
Exploits20References55
nessus
nessus
added 2026/06/24 12:0 a.m.13 views

Tenable Identity Exposure < 3.93.5 Multiple Vulnerabilities (TNS-2026-16)

The version of Tenable Identity Exposure running on the remote host is prior to 3.93.5. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-16: - Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive...

9.9CVSS8AI score0.65838EPSS
Exploits29References94
nvd
nvd
added 2026/06/19 5:16 p.m.12 views

CVE-2017-20270

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS0.0027EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/19 4:17 p.m.6 views

CVE-2017-20270

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/19 4:17 p.m.31 views

CVE-2017-20270 Joomla! Component Twitch Tv 1.1 SQL Injection

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS0.0027EPSS
Exploits0References4
nvd
nvd
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20264

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...

7.1CVSS0.00241EPSS
Exploits0References4
nvd
nvd
added 2026/06/19 4:16 p.m.16 views

CVE-2017-20254

Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=comuserbench&view=detail&userid...

8.8CVSS0.00334EPSS
Exploits0References4
euvd
euvd
added 2026/06/19 3:57 p.m.7 views

EUVD-2017-18991

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/19 3:44 p.m.39 views

CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
cve
cve
added 2026/06/19 3:44 p.m.19 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/19 3:44 p.m.6 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder