Lucene search
K

18723 matches found

NVD
NVD
added 4 hours ago5 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS
Exploits0References1
NVD
NVD
added 6 hours ago4 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

Exploits0References2
ATTACKERKB
ATTACKERKB
added 7 hours ago2 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-41838

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score
Exploits0References1
Nuclei
Nuclei
added 12 hours ago34 views

WebTareas 2.4p5 - Cross-Site Scripting

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. id: CVE-2022-44957 info: name: WebTareas...

5.4CVSS6.2AI score0.0104EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago54 views

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

7.1CVSS7AI score0.38768EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago15 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS7.8AI score0.02207EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago7 views

Custom Field Manager WordPress - Cross-Site Scripting

Custom Field Manager WordPress plugin through 1.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12873 info: name: Custom Field Manager...

6.1CVSS7.2AI score0.0053EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago31 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...

5.4CVSS6.2AI score0.00906EPSS
Exploits1References4
CVE
CVE
added yesterday10 views

CVE-2026-14754

The CVE covers code-projects Hotel and Tourism Reservation 1.0, where the /admin/add_room.php function is vulnerable. Manipulating the arguments delete_image, edit/description, number, price, rooms, or type can trigger an SQL injection. The attack can be launched remotely, and a public exploit ha...

7.5CVSS6.8AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-14751

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS6.4AI score
Exploits0References6
Nuclei
Nuclei
added yesterday22 views

Django RasterField - SQL Injection

Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...

8.3CVSS7AI score0.09436EPSS
Exploits1References3
CVE
CVE
added 3 days ago17 views

CVE-2026-28737

CVE-2026-28737 affects Gitea 1.25.0 and later, with a stored XSS flaw in the built-in 3D file viewer (Online3DViewer). When a GLTF file’s extensionsRequired contains an unsupported entry, the viewer emits an error message which Gitea then inserts into the DOM via unsanitized innerHTML, enabling a...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References4
CVE
CVE
added 3 days ago5 views

CVE-2026-22547

CVE-2026-22547 affects Gitea versions before 1.25.5. The issue is that repository creation fields lack validation constraints, including length-limited template fields and trust model/object format values, allowing invalid field values. The root cause is insufficient validation in the repository ...

5.9AI score0.00168EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-9756

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References9
CVE
CVE
added 3 days ago10 views

CVE-2026-9756

CVE-2026-9756 (GenerateBlocks for WordPress) : The WordPress GenerateBlocks plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the Headline Block’s dynamic link attribute (linkMetaFieldType) in all versions up to 2.2.1. Root cause: insufficient input sanitization and output escaping ...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41514

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References12
CVE
CVE
added 3 days ago12 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 3 days ago8 views

CVE-2026-8489

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
Rows per page
Query Builder