Lucene search
+L

13215 matches found

Nuclei
Nuclei
added 20 hours ago10 views

Blinko < 1.8.4 - Path Traversal

Blinko 1.8.4 contains a path traversal vulnerability caused by lack of permission checks and filtering on the temp/ path in the file server endpoint, letting unauthorized attackers read arbitrary files including backup files with user notes and tokens, exploit requires no special privileges. id:...

8.2CVSS5.4AI score0.01523EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago104 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS5.5AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
added 20 hours ago27 views

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

9.8CVSS6.5AI score0.032EPSS
Exploits0References3
NVD
NVD
added 2 days ago10 views

CVE-2026-15007

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS0.00268EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45188

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.4AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2 days ago12 views

CVE-2026-15007

The CVE describes a Denial of Service in GitHub Enterprise Server caused by parsing a repository release notes configuration file with deeply nested YAML, without a nesting depth limit. When release notes are generated, this can consume excessive resources and render the instance unresponsive. Af...

8.3CVSS5.4AI score0.00268EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15007 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS0.00268EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2 days ago11 views

CVE-2026-15007 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score0.00268EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago10 views

PT-2026-60781

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score0.00268EPSS
Exploits0References6
NVD
NVD
added 3 days ago5 views

CVE-2026-43977

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The vulnerability exis...

7.5CVSS0.00232EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 3 days ago11 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.11.10 security update

Red Hat Advanced Cluster Management for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.11 images Red Hat Advanced Cluster Management for Kubernetes provides...

9.3CVSS6.9AI score0.025EPSS
Exploits10References18
NVD
NVD
added 3 days ago9 views

CVE-2026-63081

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...

5.4CVSS0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-63081 Perfect Support Ticketing System 1.7 Stored XSS via Ticket Notes Field

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...

5.4CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-63081

The CVE-2026-63081 entry describes a stored XSS in the Perfect Support Ticketing & Document Management System (v1.7). Authenticated attackers with Agent-level privileges can inject scripts into the Notes field of assigned tickets, causing the script to run in the browser context of any viewer (in...

5.4CVSS6.1AI score0.00138EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago12 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.66 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.66 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

9.8CVSS6.8AI score0.02474EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 3 days ago11 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.69 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.69 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.1CVSS6.8AI score0.01557EPSS
Exploits7References9
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-9007 Reflected XSS in HCL Notes

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...

5.5CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-9007

CVE-2026-9007 is a reflected cross-site scripting (XSS) vulnerability in HCL Notes from HCL Software. The issue stems from improper neutralization of input during web page generation, allowing an attacker to execute arbitrary JavaScript in the context of another user. Affected product/version: HC...

5.5CVSS6.3AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44706

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...

5.5CVSS6.3AI score0.00258EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.38 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

9.1CVSS7AI score0.01557EPSS
Exploits1References4
Rows per page
Query Builder