Lucene search
K

5004 matches found

Nuclei
Nuclei
added yesterday46 views

ResourceSpace - Metadata Export

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value. id: CVE-2022-31260 info: name: ResourceSpace - Metadata Export author: ritikchaddha severity: medium description: | In Montala ResourceSpace...

6.5CVSS6.6AI score0.0151EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday41 views

Boa 0.94.13 - Information Disclosure

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE- multiple third parties report that this is a site-specific issue because those files are not par...

7.5CVSS7.3AI score0.10329EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday13 views

GeoServer - Missing Authorization on REST API Index

GeoServer contains a missing authorization vulnerability that allows unauthorized access to the REST API Index page, potentially exposing sensitive configuration information. id: CVE-2025-27505 info: name: GeoServer - Missing Authorization on REST API Index author: securitytaters severity: medium...

5.3CVSS5.9AI score0.01022EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday6 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

9.8CVSS6AI score0.03016EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday17 views

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

5.3CVSS6.2AI score0.0072EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday15 views

Kramer VIAware - Privilege Escalation and Remote Code Execution

Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...

10CVSS8.1AI score0.70753EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday78 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6AI score0.01959EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago475 views

InfluxDB <1.7.6 - Authentication Bypass

InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret aka shared secret. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS6.9AI score0.30921EPSS
Exploits3References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS0.00181EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41388

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-57760

CVE-2026-57760 affects the WordPress Sendcloud Shipping plugin

5.3CVSS5.8AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-57720

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-57721

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-57721

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41091

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41055

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-11794

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

8.1CVSS0.00236EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-40392

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago39 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

0.00348EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2025-53648

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder