Lucene search
K

2047 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2023-37524

HCL Traveler for Microsoft Outlook HTMO is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl...

7.7CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
OSV
OSV
added last week2 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6AI score0.00338EPSS
Exploits0References4
CVE
CVE
added last week14 views

CVE-2026-11998

CVE-2026-11998 affects AngularJS SCE (Strict Contextual Escaping) resource URLs. The flaw stems from the URL-matching logic using regular expressions, which can yield partial matches and bypass SCE policies, allowing unsafe values as resource URLs and potentially arbitrary JavaScript execution wi...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References6
EUVD
EUVD
added last week6 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52086

Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

7.6CVSS6AI score0.00338EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 2:17 p.m.9 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 1:31 p.m.35 views

CVE-2026-11772 Reflected XSS in DRIMO CMS

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 1:31 p.m.9 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 1:31 p.m.9 views

CVE-2026-11772

DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 1:31 p.m.11 views

EUVD-2026-38450

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache Log4j1.2

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter, where the values to be inserted are converted using PatternLayout. The message converter %m is likely to always be included. This allows attackers to manipulate SQL statements by entering crafted...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References1
Node JS Blog
Node JS Blog
added 2026/06/18 12:0 a.m.158 views

Thursday, June 18, 2026 Security Releases

Thursday, June 18, 2026 Security Releases UPDATE 2026-06-18 Security releases available Updates are now available for the 26.x, 24.x, 22.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public vulnerabilities: llhttp 9.4....

9.8CVSS6.1AI score0.0156EPSS
Exploits1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.100 views

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

9.8CVSS7.2AI score0.99997EPSS
Exploits8References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.7 views

CVE-2026-0419

Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...

8CVSS5.6AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.7 views

CVE-2026-0412

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

6.8CVSS5.4AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.11 views

EUVD-2026-35453

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

6.8CVSS5.4AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47817

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

6.8CVSS5.4AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-10060

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

9.8CVSS6.2AI score0.0501EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10061

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

9.8CVSS6.4AI score0.0501EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-10062

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

9.8CVSS8.3AI score0.00835EPSS
Exploits1References1
Rows per page
Query Builder