Lucene search
K

1695 matches found

NVD
NVD
added 2026/05/08 11:16 p.m.15 views

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 9:16 p.m.16 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

9.8CVSS0.0035EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 7:16 a.m.13 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS0.01549EPSS
Exploits4References6
CVE
CVE
added 2026/05/08 12:0 a.m.82 views

CVE-2025-67886

CVE-2025-67886 affects Bitrix24 up to version 25.100.300, with the vulnerability residing in the Translate Module. An actor with SOURCE/WRITE permissions can upload an archive containing a PHP file and a crafted .htaccess, which then leads to remote code execution after extraction. Exploitation d...

6.3CVSS6AI score0.01028EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.7 views

CVE-2026-27693

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/05 9:36 p.m.9 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the admin/pages/ endpoint due to insufficient sanitization of user-supplied input in the detectXss function. An...

8.9CVSS6.3AI score0.003EPSS
Exploits1References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/05 12:0 a.m.5 views

[20260701] - Core - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/29 12:0 a.m.15 views

[20260516] - Core - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35746

Cross-Site Scripting XSS vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

5.4CVSS5.2AI score0.00165EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/24 12:14 a.m.30 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.8 views

EUVD-2026-24337

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 8:37 p.m.6 views

CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.5 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

6.5CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 10:16 a.m.7 views

CVE-2025-13480

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...

6.5CVSS0.00257EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 9:0 a.m.29 views

CVE-2025-13480 Incorrect authorization in Fudo Enterprise

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...

5.1CVSS0.00257EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.10 views

PT-2026-33742

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...

5.1CVSS5.7AI score0.00257EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.5 views

PT-2026-33717

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

5.7AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/07 5:8 p.m.3 views

EUVD-2026-19773

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting Stored XSS vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator...

8CVSS5.9AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.12 views

WordPress plugin Under Construction, Coming Soon & Maintenance Mode 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.8AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

WordPress plugin Simple Social Media Share Buttons 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.7AI score0.00122EPSS
Exploits0References1
Rows per page
Query Builder