Lucene search
K

7152 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2026-60062

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago5 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4Affected Software1
CVE
CVE
added 7 hours ago3 views

CVE-2026-40633

Summary: Dell PowerScale OneFS contains an information disclosure vulnerability (Insertion of Sensitive Information into Log File) affecting PowerScale OneFS 9.5.0.0–9.10.1.7 and 9.11.0.0–9.13.0.2. A low-privilege, local attacker could exploit this to disclose information. Affected products/versi...

7.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 12 hours ago154 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS6.9AI score0.02837EPSS
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-36035

Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows authenticated attackers with low-level privileges to cause a Denial of Service DoS via removing the license from the webserver...

6.5CVSS
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-44552

ColdFusion is affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-48359

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-48259

Adobe Experience Manager is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining...

9.6CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-48371 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...

8.7CVSS6.1AI score
Exploits0References1Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-48263

CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...

5.4CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-15641

Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review...

Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

7.5CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday8 views

EUVD-2026-43577

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS6.1AI score0.00389EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-43545

AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...

4.7CVSS6.3AI score0.001EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-43543

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

4.7CVSS6.3AI score0.001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58705

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager affected versions not specified Description Adobe Experience Manager contains a Server-Side Request Forgery SSRF flaw, which occurs when a server is tricked into making requests to an unintended location. This issue...

9.6CVSS6.5AI score
Exploits0References3
Rows per page
Query Builder