Lucene search
+L

1708 matches found

euvd
euvd
added 2026/05/12 3:31 a.m.16 views

EUVD-2026-29359

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/12 2:20 a.m.8 views

CVE-2026-40131

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.23 views

PT-2026-39924

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/11 8:27 p.m.12 views

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/11 8:27 p.m.19 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS6AI score0.01549EPSS
Exploits4References1
vulnrichment
vulnrichment
added 2026/05/11 2:40 p.m.10 views

CVE-2026-34087 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...

5.1CVSS5.8AI score0.00267EPSS
Exploits0References1
cve
cve
added 2026/05/11 2:40 p.m.19 views

CVE-2026-34087

CVE-2026-34087 affects Wikimedia Foundation OATHAuth. The connected documents confirm the issue is an exposure of sensitive information to an unauthorized actor, with affected OATHAuth versions listed as before 1.43.7, 1.44.4, 1.45.2. The exploitation status is not provided in the sources. There ...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/11 2:40 p.m.41 views

CVE-2026-34087 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...

5.1CVSS0.00267EPSS
Exploits0References1
nvd
nvd
added 2026/05/08 11:16 p.m.16 views

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS0.00228EPSS
Exploits0References2
nvd
nvd
added 2026/05/08 9:16 p.m.16 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

9.8CVSS0.0035EPSS
Exploits0References2
nvd
nvd
added 2026/05/08 7:16 a.m.13 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS0.01549EPSS
Exploits4References6
cve
cve
added 2026/05/08 12:0 a.m.87 views

CVE-2025-67886

CVE-2025-67886 affects Bitrix24 up to version 25.100.300, with the vulnerability residing in the Translate Module. An actor with SOURCE/WRITE permissions can upload an archive containing a PHP file and a crafted .htaccess, which then leads to remote code execution after extraction. Exploitation d...

6.3CVSS6AI score0.01028EPSS
Exploits3References6
redhatcve
redhatcve
added 2026/05/06 2:21 p.m.8 views

CVE-2026-27693

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References1
snyk
snyk
added 2026/05/05 9:36 p.m.9 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the admin/pages/ endpoint due to insufficient sanitization of user-supplied input in the detectXss function. An...

8.9CVSS6.3AI score0.003EPSS
Exploits1References2
joomla
joomla
added 2026/05/05 12:0 a.m.6 views

[20260701] - Core - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0Affected Software1
joomla
joomla
added 2026/04/29 12:0 a.m.16 views

[20260516] - Core - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/04/28 12:0 a.m.9 views

PT-2026-35746

Cross-Site Scripting XSS vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

5.4CVSS5.2AI score0.00165EPSS
Exploits0References6
cvelist
cvelist
added 2026/04/24 12:14 a.m.31 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS0.00282EPSS
Exploits0References2
euvd
euvd
added 2026/04/21 9:31 p.m.10 views

EUVD-2026-24337

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/21 8:37 p.m.7 views

CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder