Lucene search
+L

7171 matches found

ptsecurity
ptsecurity
added 4 days ago5 views

PT-2026-57870

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the handling of screen recording files allows a local attacker with low-privileged code execution capabilities to create a denial-of-service condition. The issue occurs when the...

5.5CVSS6.5AI score0.00104EPSS
Exploits0References3
attackerkb
attackerkb
added last week6 views

CVE-2025-30008

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS6.2AI score0.00181EPSS
Exploits0References5
nvd
nvd
added last week6 views

CVE-2025-30008

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS0.00181EPSS
Exploits0References4
cve
cve
added last week8 views

CVE-2026-55478

Snipe-IT (IT asset/license management) has a vulnerability in the Kits API. Before version 8.6.2, POST /api/v1/kits/{kit_id}/licenses validates the caller’s ability to edit kits but does not authorize access to the referenced license object. This allows a low-privilege user with predefined-kit pe...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References3Affected Software1
euvd
euvd
added last week6 views

EUVD-2026-42986

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References3
osv
osv
added last week2 views

CVE-2026-55478 Snipe-IT: Missing object-level authorization in Kits API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.3CVSS6.1AI score0.00175EPSS
Exploits0References5
osv
osv
added last week3 views

CVE-2025-30008 HestiaCP < 1.9.5 Stored XSS via DNS Record Management Interface

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS6.2AI score0.00181EPSS
Exploits0References7
euvd
euvd
added last week6 views

EUVD-2025-210453

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS6.2AI score0.00181EPSS
Exploits0References4
cvelist
cvelist
added last week36 views

CVE-2025-30008 HestiaCP < 1.9.5 Stored XSS via DNS Record Management Interface

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS0.00181EPSS
Exploits0References4
osv
osv
added last week3 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References5
vulnrichment
vulnrichment
added last week6 views

CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
euvd
euvd
added last week7 views

EUVD-2026-42872

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References1
cvelist
cvelist
added last week36 views

CVE-2026-54468

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS0.00295EPSS
Exploits0References1
cve
cve
added last week9 views

CVE-2026-54468

CVE-2026-54468 affects Dell Unisphere for PowerMax, versions up to 10.3.0.5. It describes a path traversal vulnerability that could allow a low-privileged, remotely authenticated attacker to read arbitrary files. The connected documents confirm the affected product and vulnerability class but do ...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added last week28 views

CVE-2026-56689

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS0.00215EPSS
Exploits0References1
cve
cve
added last week8 views

CVE-2026-56689

Dell PowerFlex Manager versions prior to 5.1.0.1 are affected by an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. A low-privileged attacker with remote access could potentially cause information exposure. The available documents do not specify ...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1Affected Software1
euvd
euvd
added last week9 views

EUVD-2026-42869

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1
attackerkb
attackerkb
added last week5 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS6.1AI score0.0023EPSS
Exploits0References2
cve
cve
added last week15 views

CVE-2026-56690

Affected product: Dell PowerFlex Manager prior to version 5.1.0.1. Vulnerability: SQL Injection due to Improper Neutralization of Special Elements used in SQL commands. Root cause: improper handling of SQL input. Impact: information disclosure and potential unauthorized access; attack can be perf...

8.5CVSS6.1AI score0.0023EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added last week29 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS0.0023EPSS
Exploits0References1
Rows per page
Query Builder