8579 matches found

EUVD
added 8 hours ago | 3 views

EUVD-2026-41374

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Nuclei
added 12 hours ago | 26 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8 CVSS | 7.7 AI score | 0.04974 EPSS
Exploits: 0 | References: 3
NVD
added yesterday | 7 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3 CVSS
Exploits: 0 | References: 1
EUVD
added yesterday | 5 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added yesterday | 5 views

CVE-2026-56152

Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Cvelist
added yesterday | 29 views

CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3 CVSS
Exploits: 0 | References: 1
NVD
added 2026/06/22 8:16 p.m. | 10 views

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8 CVSS | 0.00249 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/22 7:0 p.m. | 6 views

CVE-2026-44271

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.1 CVSS | 6 AI score | 0.00249 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/21 1:27 p.m. | 8 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

5.3 CVSS | 5.9 AI score | 0.00221 EPSS
Exploits: 0 | References: 3
NVD
added 2026/06/18 2:17 p.m. | 13 views

CVE-2026-54219

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1 CVSS | 0.00293 EPSS
Exploits: 0 | References: 2
CVE
added 2026/06/18 12:56 p.m. | 17 views

CVE-2026-54219

UBB.threads is vulnerable to a Stored XSS flaw via user posts and profile fields due to insufficient input sanitization. In the confirmed case, version 7.7.5 is affected, and low-privilege attackers can inject JavaScript that executes in a victim’s browser when viewing content. Other versions may...

5.1 CVSS | 5.3 AI score | 0.00293 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/17 5:16 p.m. | 10 views

CVE-2026-35069

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

8 CVSS | 0.00229 EPSS
Exploits: 0 | References: 1
NVD
added 2026/06/17 5:16 p.m. | 14 views

CVE-2026-35068

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure...

5.7 CVSS | 0.00192 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/17 3:10 p.m. | 14 views

CVE-2026-35069

Dell PowerFlex Manager is affected by an SQL Injection due to improper neutralization of special elements. The issue affects Dell PowerFlex Manager versions unspecified in the document; an attacker with adjacent network access and low privileges could potentially trigger script injection. Documen...

8 CVSS | 5.9 AI score | 0.00229 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/06/17 3:10 p.m. | 8 views

CVE-2026-35069

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

5.7 CVSS | 5.9 AI score | 0.00229 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/17 3:10 p.m. | 9 views

EUVD-2026-37743

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

5.7 CVSS | 5.7 AI score | 0.00229 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/17 3:10 p.m. | 18 views

CVE-2026-35069

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

5.7 CVSS | 0.00229 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/17 3:5 p.m. | 24 views

CVE-2026-35068

The CVE-2026-35068 entry affects Dell PowerFlex Manager and describes an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. A low-privileged attacker with adjacent network access could potentially exploit this to achieve an information disclosure. P...

5.7 CVSS | 5.9 AI score | 0.00192 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/06/17 3:5 p.m. | 10 views

CVE-2026-35068

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure...

3.5 CVSS | 5.9 AI score | 0.00192 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/17 3:5 p.m. | 8 views

EUVD-2026-37742

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure...

3.5 CVSS | 5.6 AI score | 0.00192 EPSS
Exploits: 0 | References: 1