Lucene search
+L

82314 matches found

Nuclei
Nuclei
added yesterday46 views

GeoServer Demo Request Endpoint - Server Side Request Forgery

It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...

8.2CVSS6.9AI score0.01923EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday239 views

Reflected XSS - Telerik Reporting Module

Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...

6.1CVSS6.8AI score0.09642EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday190 views

AJ-Report < 1.4.1 - Remote Code Execution

AJ-Report before version 1.4.1 is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server through script engine injection in the validation rul...

9.8CVSS7.3AI score0.51468EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday85 views

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS7.1AI score0.53008EPSS
Exploits3References3
NVD
NVD
added 2 days ago6 views

CVE-2026-35152

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

8.8CVSS0.03492EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

CVE-2026-35152 Apache Fineract: SQL injection in runreports endpoint

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

8.8CVSS6.2AI score0.03492EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44604

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

8.8CVSS6.2AI score0.03492EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

4.8CVSS5.8AI score0.0014EPSS
Exploits0References8
CVE
CVE
added 3 days ago8 views

CVE-2026-15751

CVE-2026-15751 affects the mastergo-design mastergo-magic-mcp component set up to version 0.2.0. The vulnerability targets the execute function in mastergo/component-workflow.md for mcp__getComponentGenerator, where manipulation of the rootPath argument enables path traversal. Exploitation is loc...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References6
Wolfi
Wolfi
added 3 days ago13 views

GHSA-9MC4-RQMQ-H467 vulnerabilities

Vulnerabilities for packages: python...

6.1AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 3 days ago4 views

Microsoft PowerBI Report Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS6.1AI score0.00538EPSS
Exploits0
Circl
Circl
added 3 days ago6 views

CVE-2026-15625

creationtimestamp| type| source ---|---|--- 2026-07-14 06:12:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlkfme2yr2x...

6.5CVSS6.6AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-15675 code-projects Online Job Portal EditUser.php sql injection

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43621

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS5.7AI score0.00622EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43553

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References6
Kaspersky
Kaspersky
added 3 days ago4 views

KLA91151 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation...

8.8CVSS6.6AI score0.01287EPSS
Exploits0References20
Patchstack
Patchstack
added 4 days ago9 views

WordPress Booking Package plugin <= 1.7.20 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Booking Package versions = 1.7.20...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43276

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References6
OSV
OSV
added 4 days ago3 views

CVE-2026-15521 makafeli n8n-workflow-builder update_node_from_file server.cjs path traversal

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component updatenodefromfile. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit is...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8
NVD
NVD
added 5 days ago8 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
Rows per page
Query Builder