Lucene search
K

319 matches found

Cvelist
Cvelist
added 2026/03/12 3:37 p.m.29 views

CVE-2019-25535 Netartmedia PHP Dating Site SQL Injection via loginaction.php

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...

8.8CVSS0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-24997

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...

8.8CVSS5.9AI score0.00254EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/21 1:30 a.m.4 views

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

6.1CVSS5.3AI score0.00291EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 5:25 p.m.4 views

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

5.1CVSS5.8AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 4:55 p.m.27 views

CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 2:16 a.m.10 views

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

6.1CVSS0.00291EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:11 a.m.4 views

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

5.3CVSS5.4AI score0.00291EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/20 1:11 a.m.27 views

CVE-2026-26987 LibreNMS affected by reflected XSS via email field

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

5.3CVSS0.00291EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/20 1:11 a.m.5 views

CVE-2026-26987 LibreNMS affected by reflected XSS via email field

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

5.3CVSS5.4AI score0.00291EPSS
Exploits1References4
CVE
CVE
added 2026/02/20 1:11 a.m.16 views

CVE-2026-26987

CVE-2026-26987 affects LibreNMS up to version 25.12.0 with a Reflected XSS vulnerability in the email field of alerting settings. The issue is fixed in version 26.2.0. Multiple sources (NVD, Red Hat, OSV, GHSA) corroborate that user-input in the email field can be reflected, potentially allowing ...

6.1CVSS5.4AI score0.00291EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/20 1:11 a.m.5 views

CVE-2026-26987 LibreNMS affected by reflected XSS via email field

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

5.3CVSS5.4AI score0.00291EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.10 views

PT-2026-20981

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

5.3CVSS5.4AI score0.00291EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.6 views

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

4.3CVSS5.5AI score0.05145EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/18 10:7 p.m.2 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email field in the alerting settings page. An attacker can execute arbitrary...

6.1CVSS5.7AI score0.00291EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.6 views

LibreNMS affected by reflected xss via email field

Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input but this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...

6.1CVSS5.5AI score0.00291EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/02/18 6:24 p.m.9 views

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

4.3CVSS0.05145EPSS
Exploits0References1
CVE
CVE
added 2026/02/18 4:45 p.m.18 views

CVE-2026-20139

CVE-2026-20139 affects Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. A low-privileged user (not admin/power) can craft a malicious payload into realname, tz, or email via the /spl...

4.3CVSS5.5AI score0.05145EPSS
Exploits0References1Affected Software2
Patchstack
Patchstack
added 2026/02/02 7:34 a.m.8 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'email' vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.112...

6.4CVSS5.3AI score0.00477EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.3 views

CVE-2021-47911

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/02/01 12:15 p.m.4 views

EUVD-2021-34760

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References4
Rows per page
Query Builder