
7108 matches found

NVD
added yesterday, 9 views

CVE-2026-56809

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor...

CVSS: 6.1, EPSS: 0.00187
Exploits: 0, References: 3
CVE
added yesterday, 9 views

CVE-2026-56809

CVE-2026-56809 concerns Ricoh Web Image Monitor on multiple laser printers/MFPs. The vulnerability is a reflected cross-site scripting flaw that allows arbitrary script execution in the web browser of a user who accesses the Web Image Monitor. Reported impact is browser-side, with confidentiality...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00187
Exploits: 0, References: 3
EUVD
added yesterday, 4 views

EUVD-2026-40255

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00187
Exploits: 0, References: 3
Nuclei
added yesterday, 16 views

Download Monitor < 4.4.5 - SQL Injection

The Download Monitor plugin for WordPress is vulnerable to SQL injection via the 'orderby' parameter in versions before 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

CVSS: 7.2, AI score: 7.1, EPSS: 0.17484
Exploits: 5, References: 3
Nuclei
added yesterday, 27 views

IRTS OP5 Monitor - Cross-Site Scripting

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). id: CVE-2021-40272 info: name: IRTS OP5 Monitor - Cross-Site Scripting author: ritikchaddha severity: medium description: | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). impac...

CVSS: 6.1, AI score: 6.4, EPSS: 0.01036
Exploits: 1, References: 2
Nuclei
added yesterday, 4 views

Campaign Monitor for WordPress - Information Disclosure

Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled display_errors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires display_errors to be...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00849
Exploits: 0, References: 3
Nuclei
added yesterday, 7 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

CVSS: 9.8, AI score: 7.6, EPSS: 0.14886
Exploits: 0, References: 3
Nuclei
added 2 days ago, 33 views

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...

CVSS: 7.5, AI score: 7.2, EPSS: 0.38083
Exploits: 0, References: 4
Nuclei
added 3 days ago, 33 views

WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting

A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. id: CVE-2012-4768 info: name: WordPress Plugin Download Monitor 3.3.5.9 - Cross-Site...

CVSS: 4.3, AI score: 5.8, EPSS: 0.10456
Exploits: 2, References: 5
Tenable Nessus
added 3 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Fix global performance monitor reference counting In the SET_GLOBAL ioctl, v3d_perfmon_find bumps the reference count on the perfmon it returns, but...

AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 2
OSV
added 5 days ago, 2 views

GHSA-PR7J-96CJ-549H Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API

Fluentd's Monitor Agent plugin (in_monitor_agent) exposes internal metrics and plugin information via a REST API. It was discovered that the API response (/api/plugins.json and related endpoints) unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 3
NVD
added 5 days ago, 8 views

CVE-2026-0828

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client (x64), versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...

CVSS: 7.5, EPSS: 0.00461
Exploits: 2, References: 2
CVE
added 5 days ago, 84 views

CVE-2026-0828

CVE-2026-0828 affects Safetica’s endpoint client x64, specifically the kernel driver ProcessMonitorDriver.sys (versions 10.5.75.0 and 11.11.4.0). The vulnerability stems from an IOCTL path that lacks proper caller privilege validation, allowing an unprivileged user with a handle to the device to ...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00461
Exploits: 2, References: 2
OSV
added 6 days ago, 3 views

GO-2026-5758 containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd

containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull in github.com/containerd/containerd...

CVSS: 9.4, AI score: 6
Exploits: 0, References: 1
Debian CVE
added 6 days ago, 3 views

CVE-2026-53141

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SET_GLOBAL ioctl, v3d_perfmon_find bumps the reference count on the perfmon it returns, but v3d_perfmon_set_global_ioctl and v3d_perfmon_delete fail to release that referen...

AI score: 5.7, EPSS: 0.00166
Exploits: 0
Nuclei
added 6 days ago, 309 views

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization lead to arbitrary file uploads in the web application. An unauthorized attacker with web access could upload and execute a specially crafted file, leading to remote cod...

CVSS: 9.8, AI score: 8, EPSS: 0.85785
Exploits: 8, References: 5
NVD
added last week, 8 views

CVE-2026-55583

Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...

CVSS: 7.6, EPSS: 0.00191
Exploits: 0, References: 1
OSV
added last week, 4 views

PYSEC-2026-229

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00417
Exploits: 0, References: 3
NVD
added last week, 12 views

CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

CVSS: 6.9, EPSS: 0.00417
Exploits: 0, References: 3
EUVD
added last week, 8 views

EUVD-2026-38745

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00417
Exploits: 0, References: 3