Lucene search
+L

1080 matches found

Nuclei
Nuclei
added 12 hours ago67 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2CVSS5.6AI score0.01833EPSS
Exploits1References2
NVD
NVD
added 2 days ago7 views

CVE-2026-46686

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2 days ago4 views

CVE-2026-46686 Emlog Reflected Cross-Site Scripting

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS6AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 5 days ago5 views

CVE-2026-12385

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-12385

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-12385 Smart Slider 3 <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via WP_Query Parameter Injection via 'keyword' Parameter

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
CVE
CVE
added 5 days ago8 views

CVE-2026-12385

CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.9 views

openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/08 8:58 a.m.14 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/06/07 11:0 p.m.2 views

CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.3CVSS5.7AI score0.00253EPSS
Exploits0References9
CVE
CVE
added 2026/06/07 11:0 p.m.40 views

CVE-2026-11466

CVE-2026-11466 affects the zilliztech deep-searcher up to version 0.0.2. The issue is in deepsearcher/agent/collection_router.py (function CollectionRouter.invoke ), where argument kwargs manipulation leads to improper access controls. This enables remote exploitation ; the exploit is publicly av...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/07 3:45 a.m.7 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS5.3AI score0.00193EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.17 views

PT-2026-47176

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.14 views

Tiobon Employee Self-Service System SQL注入漏洞

The Tiobon Employee Self-Service System is an enterprise employee self-service platform developed by Tiobon Corporation. Versions of the Tiobon Employee Self-Service System prior to 7.2 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter...

6.5CVSS6.6AI score0.00193EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-49371

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...

8.2CVSS5.4AI score0.00252EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

JetBrains TeamCity < 2026.1.1 Reflected XSS (CVE-2026-49371)

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1.1. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible CVE-2026-49371 Note that Nessus has not tested for this issue but has instea...

8.2CVSS5.5AI score0.00252EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/30 3:0 p.m.11 views

CVE-2026-10121

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keywordlist/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploi...

9CVSS7.8AI score0.00447EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/29 7:16 p.m.16 views

CVE-2026-49371

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...

8.2CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.35 views

CVE-2026-49371

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...

7.1CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 6:15 p.m.27 views

CVE-2026-49371

CVE-2026-49371 affects JetBrains TeamCity prior to version 2026.1.1, where the keyword filter is vulnerable to a reflected XSS. The CVE entry documents an in-the-wild impact of a high-severity issue (CVSS 3.1: 7.1, NETWORK attack vector, UI interaction required) originating from insufficient inpu...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder