Lucene search
K

12428 matches found

CVE
CVE
added 2026/02/25 2:11 a.m.25 views

CVE-2026-27822

RustFS before 1.0.0-alpha.83 is affected by a Stored XSS in the RustFS Console that bypasses PDF preview logic, allowing an attacker to steal admin credentials from localStorage and potentially takeover accounts and compromise the system. The issue is fixed in 1.0.0-alpha.83. No exploitation deta...

9CVSS5.9AI score0.06029EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-21991

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One affected versions not specified Description The Trend Micro Apex One management console contains a path traversal weakness. This allows attackers with access to the console to execute malicious code on unpatched Windows...

9.8CVSS7.9AI score0.03811EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-21848

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.83 Description RustFS is a distributed object storage system built in Rust. A Stored Cross-Site Scripting XSS vulnerability exists in the RustFS Console, allowing an attacker to execute arbitrary JavaScript...

9CVSS6.1AI score0.06029EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2026/02/24 5:3 p.m.7 views

Important: Red Hat Security Advisory: Cost Management Metrics Operator Update

Cost Management Metrics Operator version 4.3.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...

8.8CVSS7AI score0.47621EPSS
Exploits8References18
NCSC
NCSC
added 2026/02/23 2:27 p.m.48 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

6.8CVSS8.4AI score0.05145EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:46 p.m.6 views

CVE-2025-69401

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through = 2.5.2...

5.4AI score0.00329EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.6 views

CVE-2025-13113

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

5.3CVSS5.5AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS6.9AI score0.06996EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2026/02/20 12:24 a.m.4 views

SUSE CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.8AI score0.00447EPSS
Exploits3References3
Redos
Redos
added 2026/02/20 12:0 a.m.6 views

ROS-20260220-73-0026

A vulnerability in the fbconinfofromconsole function of the Linux kernel is related to incorrect index calculation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.8CVSS5.5AI score0.00155EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.5 views

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...

6.5CVSS5.5AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.8 views

CVE-2025-13113

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

5.3CVSS0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 3:25 a.m.3 views

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

5.3CVSS5.5AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 3:25 a.m.31 views

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

5.3CVSS0.00282EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 12:16 a.m.10 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS0.00447EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20592

Name of the Vulnerable Software and Affected Versions Web Accessibility by accessiBe versions up to and including 2.11 Description The Web Accessibility by accessiBe plugin for WordPress is susceptible to exposure of sensitive information. This occurs because the accessibe render js in footer...

5.3CVSS5AI score0.00282EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

Weblate 参数注入漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.16.0 contained a parameter injection vulnerability. This vulnerability stemmed from the SSH management console failing to validate the input when adding SSH host keys,...

9.1CVSS5.8AI score0.00447EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/02/18 11:5 p.m.30 views

CVE-2026-24126 Weblate has an argument injection in management console

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

6.6CVSS0.00447EPSS
Exploits3References3
CVE
CVE
added 2026/02/18 11:5 p.m.34 views

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder