Lucene search
K

7072 matches found

Nuclei
Nuclei
added 11 hours ago152 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS6.9AI score0.02837EPSS
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2025-30008

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42986

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-55478

Snipe-IT (IT asset/license management) has a vulnerability in the Kits API. Before version 8.6.2, POST /api/v1/kits/{kit_id}/licenses validates the caller’s ability to edit kits but does not authorize access to the referenced license object. This allows a low-privilege user with predefined-kit pe...

5.4CVSS6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2025-210453

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS6.2AI score
Exploits0References4
Cvelist
Cvelist
added yesterday16 views

CVE-2025-30008 HestiaCP < 1.9.5 Stored XSS via DNS Record Management Interface

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-42872

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-54468

CVE-2026-54468 affects Dell Unisphere for PowerMax, versions up to 10.3.0.5. It describes a path traversal vulnerability that could allow a low-privileged, remotely authenticated attacker to read arbitrary files. The connected documents confirm the affected product and vulnerability class but do ...

6.5CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-54468

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-56689

Dell PowerFlex Manager versions prior to 5.1.0.1 are affected by an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. A low-privileged attacker with remote access could potentially cause information exposure. The available documents do not specify ...

7.7CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-56689

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS
Exploits0References1
EUVD
EUVD
added yesterday8 views

EUVD-2026-42869

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-56690

Affected product: Dell PowerFlex Manager prior to version 5.1.0.1. Vulnerability: SQL Injection due to Improper Neutralization of Special Elements used in SQL commands. Root cause: improper handling of SQL input. Impact: information disclosure and potential unauthorized access; attack can be perf...

8.5CVSS6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday15 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00411EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-47830

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score0.001EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-55873

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS0.00199EPSS
Exploits0References4
CVE
CVE
added 3 days ago10 views

CVE-2026-55873

SeaweedFS (distributed storage) has a vulnerability in versions 4.08–4.33 where requests signed with SigV4 for s3tables are routed to the S3Tables management API. This causes authorization to collapse account-less S3 identities into the shared admin account and fail open, enabling an authenticate...

4.3CVSS5.9AI score0.00199EPSS
Exploits0References4
Rows per page
Query Builder