
23 matches found

EUVD
added 6 days ago · 3 views

EUVD-2026-39445

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

CVSS 3.4 · AI score 5.9 · EPSS 0.00167
Exploits 0 · References 1

NVD
added 2026/05/19 10:16 a.m. · 13 views

CVE-2026-29226

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVSS 7.3 · EPSS 0.00473
Exploits 0 · References 2

CVE
added 2026/05/19 9:19 a.m. · 17 views

CVE-2026-29226

CVE-2026-29226 describes a Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz triggered via Content component operations. Affected versions are before 24.09.06. The recommended remediation is to upgrade to version 24.09.06, which fixes the issue. The available connected sources conf...

CVSS 7.3 · AI score 5.8 · EPSS 0.00473
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2026/05/19 9:19 a.m. · 44 views

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

EPSS 0.00473
Exploits 0 · References 1

ATTACKERKB
added 2026/05/19 9:19 a.m. · 5 views

CVE-2026-29226

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8 · EPSS 0.00473
Exploits 0 · References 2

EUVD
added 2026/05/19 9:19 a.m. · 11 views

EUVD-2026-30858

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVSS 7.3 · AI score 5.8 · EPSS 0.00473
Exploits 0 · References 1

Vulnrichment
added 2026/05/19 9:19 a.m. · 8 views

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8 · EPSS 0.00473
Exploits 0 · References 1

Cvelist
added 2026/05/19 9:18 a.m. · 46 views

CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

EPSS 0.00541
Exploits 0 · References 1

Cvelist
added 2026/05/19 9:16 a.m. · 46 views

CVE-2026-29220 Apache OFBiz: Low-Privilege LFI in Content Component

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

EPSS 0.00684
Exploits 0 · References 1

Vulnrichment
added 2026/05/19 9:16 a.m. · 8 views

CVE-2026-29220 Apache OFBiz: Low-Privilege LFI in Content Component

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8 · EPSS 0.00684
Exploits 0 · References 1

CVE
added 2026/05/19 9:16 a.m. · 20 views

CVE-2026-29220

CVE-2026-29220 is a path traversal in Apache OFBiz (affects versions prior to 24.09.06). The root cause is improper limitation of a pathname to a restricted directory, exposing potential unauthorized access to files. The advisory’s impact, per CVSS 3.1, is a low confidentiality and integrity impa...

CVSS 6.5 · AI score 5.8 · EPSS 0.00684
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2026/05/19 12:00 a.m. · 10 views

PT-2026-41846

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8 · EPSS 0.00473
Exploits 0 · References 2

CNNVD
added 2026/05/19 12:00 a.m. · 8 views

Apache OFBiz Code Issue Vulnerability

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, specifically a server-side request forgeing...

CVSS 7.3 · AI score 5.9 · EPSS 0.00473
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-22918

Malware in sbrugna...

CVSS 4.8 · AI score 5.2 · EPSS 0.01018
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 9 views

EUVD-2020-22919

Malware in sbrugna...

CVSS 4.8 · AI score 5 · EPSS 0.02146
Exploits 3 · References 5

Veracode
added 2024/06/06 6:42 a.m. · 9 views

Cross-Site Scripting

typo3/cms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of user input in the CSS styled content component, which allows an authenticated user to inject arbitrary HTML or JavaScript...

AI score 6.7
Exploits 0

CNNVD
added 2022/08/12 12:00 a.m. · 2 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android Content component that stems from a privilege bypass with a possible way to learn the name of a gmail account on a device...

CVSS 5.5 · AI score 5.8 · EPSS 0.00096
Exploits 0 · References 2

Positive Technologies
added 2022/08/11 12:00 a.m. · 5 views

PT-2022-14494 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13
Description: The issue allows for local information disclosure due to a permissions bypass in Content, potentially revealing the Gmail account name on the device. This can be exploited without additional execution...

CVSS 5.5 · AI score 5.3 · EPSS 0.00096
Exploits 0 · References 3

CNVD
added 2015/11/04 12:00 a.m. · 2 views

Joomla! com_content Component Information Disclosure Vulnerability

Joomla! is an open source content management system (CMS). In Joomla! versions 3.x-3.4.5, the com_content component fails to properly check ACLs. A remote attacker can exploit this vulnerability to obtain sensitive information...

CVSS 5 · AI score 6.8 · EPSS 0.01955
Exploits 0 · References 1

Prion
added 2015/10/21 11:59 p.m. · 15 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880...

CVSS 4.3 · AI score 6 · EPSS 0.0154
Exploits 0 · References 2 · Affected Software 1