Lucene search
K

6852 matches found

CVE
CVE
added yesterday8 views

CVE-2026-57833

The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS0.00418EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday79 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS6.8AI score0.02268EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday195 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

7.2CVSS7AI score0.05238EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability

...

8CVSS0.00538EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago144 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS6.4AI score0.37099EPSS
Exploits4References5
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 3 days ago8 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-62327 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS0.00371EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-6875

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying...

9.5CVSS0.00509EPSS
Exploits0References1
The Hacker News
The Hacker News
added 3 days ago9 views

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57852

Name of the Vulnerable Software and Affected Versions ServiceNow AI platform affected versions not specified Description An issue in the ServiceNow AI platform allows an unauthenticated user with network access to perform a sandbox escape, which is a process of breaking out of a restricted...

9.5CVSS6.4AI score0.00509EPSS
Exploits0References12
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43061

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 6 days ago4 views

CVE-2026-13235

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 6 days ago24 views

CVE-2026-13235

This CVE concerns a Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) impacting Drupal AI versions 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is improper access validation for agent tools exposed by Drupal core actions, enabling forceful browsing by an att...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

0.00161EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

CVE-2026-13234 AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site Scripting - SA-CONTRIB-2026-054

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References5
CVE
CVE
added 6 days ago13 views

CVE-2026-13234

CVE-2026-13234 concerns an improper neutralization of input during web page generation (XSS) in Drupal AI (Artificial Intelligence). Affected versions: 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is input handling within the module and certain submodules (AI Automators, AI Translat...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42974

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
Rows per page
Query Builder