Lucene search
+L

8567 matches found

Nuclei
Nuclei
added 11 hours ago11 views

WordPress Front End Users - Reflected XSS

WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS8AI score0.00511EPSS
Exploits1References1
Nuclei
Nuclei
added 11 hours ago84 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS5.9AI score0.1052EPSS
Exploits0References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-45011

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with a backslash. When parsing the message, the server would read past the...

3.1CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-44985

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS6AI score0.0003EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-45068

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS0.00399EPSS
Exploits0References6
CVE
CVE
added 3 days ago66 views

CVE-2026-45068

CVE-2026-45068 affects Symfony’s SendmailTransport in -t mode. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, recipient addresses were appended to the sendmail command line without a -- end-of-options separator, so an address starting with - could be treated as a sendmail option rather tha...

8.7CVSS6.1AI score0.00399EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-45068 Symfony: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS0.00399EPSS
Exploits0References6
Microsoft KB
Microsoft KB
added 3 days ago35 views

June 9, 2026—KB5094041 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.21506EPSS
Exploits2
Microsoft KB
Microsoft KB
added 3 days ago88 views

June 9, 2026—KB5094042 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.21506EPSS
Exploits2
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-58319 Apache Doris: Improper Authentication in Frontend HTTP API

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

0.00614EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43653

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS6.1AI score0.00614EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-15487 TRENDnet TEW-821DAP Firmware Update system_ntp sub_41FBD0 os command injection

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub41FBD0 of the file /goform/systemntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendo...

6.5CVSS0.0105EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-15485

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43208

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub42026C of the file /goform/toolsddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched remotel...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-15484

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS0.00463EPSS
Exploits0References5
NVD
NVD
added 5 days ago9 views

CVE-2026-15483

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...

9CVSS0.00463EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43206

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS6.2AI score0.00463EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-15484 TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS0.00463EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 days ago3 views

CVE-2026-15483 TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...

9CVSS7.3AI score0.00463EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43205

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...

9CVSS6.3AI score0.00463EPSS
Exploits0References5
Rows per page
Query Builder