Lucene search
K

12462 matches found

CVE
CVE
added 4 hours ago6 views

CVE-2026-31985

CVE-2026-31985 affects the Remote Collector when configuring a Guardian or CMC via n2os-tui. The generated configuration disables TLS certificate verification, with no option to re-enable it, enabling MITM and potentially theft of the sync token, impersonation of the server, injection of spoofed ...

8.3CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago87 views

WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting

WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. id: CVE-2020-17453 info: name: WSO2 Carbon Management...

6.1CVSS6.3AI score0.26118EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago118 views

WP Query Console <= 1.0 - Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0. id: CVE-2024-50498 info: name: WP Query Console = 1.0 - Remote Code Execution author: s4e-io severity: critical...

10CVSS7.4AI score0.5364EPSS
Exploits4References4
Nuclei
Nuclei
added 8 hours ago130 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS7.1AI score0.02837EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago8 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

9.8CVSS6.9AI score0.06996EPSS
Exploits4References4
Nuclei
Nuclei
added 8 hours ago53 views

NetScaler Console - Sensitive Information Disclosure

Sensitive information disclosure in NetScaler Console id: CVE-2024-6235 info: name: NetScaler Console - Sensitive Information Disclosure author: DhiyaneshDk severity: critical description: | Sensitive information disclosure in NetScaler Console impact: | Attackers can access sensitive information...

9.4CVSS7.3AI score0.21331EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago14 views

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

7.5CVSS6.6AI score0.81814EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

BIT-ACTIVEMQ-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.9AI score0.00563EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

BIT-ACTIVEMQ-2026-49877 Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS5.9AI score0.0051EPSS
Exploits0References3
Nuclei
Nuclei
added 6 days ago116 views

MinIO Cluster Deployment - Information Disclosure

MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...

7.5CVSS7.3AI score0.83957EPSS
Exploits13References5
OSV
OSV
added last week2 views

GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state

Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...

6.9CVSS5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 (7278590)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278590 advisory. - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS5.9AI score0.00474EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2026-11594

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

8.5CVSS0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:50 p.m.16 views

CVE-2026-11594

CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...

8.5CVSS5.6AI score0.00337EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:50 p.m.38 views

CVE-2026-11594 IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

8.5CVSS0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:50 p.m.5 views

EUVD-2026-40411

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

8.5CVSS5.6AI score0.00337EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11595

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

7.5CVSS0.00474EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:50 p.m.35 views

CVE-2026-11595 IBM WebSphere Application Server is affected by a Path Traversal vulnerability

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

4.3CVSS0.00474EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:50 p.m.7 views

EUVD-2026-40398

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

4.3CVSS5.8AI score0.00474EPSS
Exploits0References1
Rows per page
Query Builder