Lucene search
+L

2060 matches found

euvd
euvd
added 5 days ago5 views

EUVD-2026-43055

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00181EPSS
Exploits0References2
euvd
euvd
added 5 days ago5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00162EPSS
Exploits0References2
nvd
nvd
added 6 days ago3 views

CVE-2026-13231

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1CVSS0.00181EPSS
Exploits0References1
nvd
nvd
added 6 days ago5 views

CVE-2026-13232

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

3.1CVSS0.00162EPSS
Exploits0References1
cve
cve
added 6 days ago13 views

CVE-2026-13232

This CVE concerns Drupal Advanced Content Feedback (admin_feedback). Affected: versions 0.0.0–2.8.0. Root cause: incorrect authorization, failing to sufficiently verify authorization over the targeted feedback record during comment processing. Impact: potential access bypass/IDOR, enabling forcef...

3.1CVSS6.1AI score0.00162EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00162EPSS
Exploits0References1
cve
cve
added 6 days ago11 views

CVE-2026-13231

Summary: CVE-2026-13231 affects Drupal Advanced Content Feedback (admin_feedback). The issue is improper neutralization of input during web page generation, causing a Stored XSS vulnerability. The vulnerable component is the admin_feedback module, with affected versions 0.0.0 through 2.8.0. The r...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-13231 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00181EPSS
Exploits0References1
metasploit
metasploit
added 6 days ago16 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 64-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
metasploit
metasploit
added 6 days ago13 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 32-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
nvd
nvd
added 2026/07/06 10:16 p.m.11 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/06 9:10 p.m.3 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/07/06 9:10 p.m.14 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/06 9:10 p.m.32 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
osv
osv
added 2026/07/06 9:10 p.m.7 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-56024

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The application lacks authentication, rate limiting, and input validation at the 'POST /api/feedback' endpoint. This allows arbitrary content to be forwarded directly to a Discord webhook,...

6.5CVSS6AI score0.003EPSS
Exploits0References7
nvd
nvd
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13567

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/29 12:30 p.m.36 views

CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
euvd
euvd
added 2026/06/29 12:30 p.m.8 views

EUVD-2026-40082

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
cve
cve
added 2026/06/29 12:30 p.m.16 views

CVE-2026-13567

The CVE-2026-13567 entry affects code-projects Online Music Site 1.0 in the POST Request Handler’s /Frontend/Feedback.php. An attacker can manipulate parameters fname, femail, faddress, or fmessage to trigger cross-site scripting. The issue is remote-present with a publicly released exploit (Proo...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
Rows per page
Query Builder