Lucene search
K

2878 matches found

Nuclei
Nuclei
added yesterday31 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

9.8CVSS7.4AI score0.04342EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-41663

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is public...

5.3CVSS5.4AI score0.00317EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
NVD
NVD
added 6 days ago6 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
CVE
CVE
added 6 days ago15 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-54931

Name of the Vulnerable Software and Affected Versions allegroai/clearml versions prior to 2.1.6 Description Relative path traversal occurs during the extraction of .zip archives via the ZipFile.extractall method within the StorageManager. extract to cache function. This is caused by a lack of pat...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.32 views

CVE-2026-57338 WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-449 pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering

pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site ScriptingXSS. If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...

9.1CVSS7.4AI score0.00305EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 9:16 a.m.9 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS0.00383EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:15 a.m.5 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS5.5AI score0.00383EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/29 6:45 a.m.34 views

CVE-2026-13544 Feehi CMS API users access control

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS0.00214EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:45 a.m.6 views

CVE-2026-13544

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/26 11:0 p.m.12 views

EUVD-2026-36599

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 3:32 p.m.12 views

EUVD-2026-39650

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

7.3CVSS5.7AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57430

Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...

4.3CVSS0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57315

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.13 views

CVE-2026-57638

CVE-2026-57638 concerns a Cross Site Scripting (XSS) vulnerability in the WordPress plugin Fluent Booking affecting versions

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.41 views

CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.3 views

EUVD-2026-39745

Contributor Cross Site Scripting XSS in StatCounter = 2.1.1 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39739

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder