Lucene search
K

17874 matches found

Nuclei
Nuclei
added 9 hours ago73 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS7.1AI score0.04518EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago51 views

phpMyFAQ < 3.2.0 - Cross-site Scripting

Cross-site Scripting XSS Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. id: CVE-2023-5863 info: name: phpMyFAQ ' - 'phpMyFAQ' condition: and - type: word part: header words: - "tex...

7.4CVSS6.7AI score0.01105EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago32 views

Froxlor < 0.10.38.2. - HTML Injection

HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. id: CVE-2022-3869 info: name: Froxlor TEST" matchers-condition: and matchers: - type: word part: body words: - 'The message to ""TEST" failed' - type: word part: header words: - "text/html" - type: status status: - 200 d...

6.5CVSS6.6AI score0.01265EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago26 views

FOSSBilling < 0.5.3 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. id: CVE-2023-3521 info: name: FOSSBilling &datefrom='" HTTP/1.1 Host: Hostname matchers-condition: and matchers: - type: word part: body words:...

6.1CVSS6.2AI score0.00919EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago73 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.5AI score0.01585EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago124 views

Structurizr on-premises - Cross Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository structurizr/onpremises prior to 3194. id: CVE-2023-5556 info: name: Structurizr on-premises - Cross Site Scripting author: shankaracharya severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository...

6.1CVSS6.2AI score0.01222EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago91 views

Hestiacp <= 1.7.7 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. id: CVE-2023-3479 info: name: Hestiacp = 1.7.7 - Cross-Site Scripting author: edoardottt severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1CVSS6.1AI score0.01293EPSS
Exploits1References3
NVD
NVD
added yesterday4 views

CVE-2026-49170

Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-11403

The CVE affects Sonatype Nexus Repository Manager. The flaw is in the format-specific API key generation, where a remote attacker could gain unauthorized access to repository operations as a targeted user if a format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token)...

8.7CVSS6.1AI score
Exploits0References2
OSV
OSV
added yesterday16 views

ROOT-APP-PYPI-CVE-2026-34515 CVE-2026-34515 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34515 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.2AI score0.00433EPSS
Exploits0
OSV
OSV
added yesterday12 views

ROOT-APP-PYPI-CVE-2026-34519 CVE-2026-34519 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34519 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.2AI score0.00292EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-APP-PYPI-CVE-2026-48817 CVE-2026-48817 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48817 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.3CVSS6.1AI score0.00213EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago10 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-10845, CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 and CVE-2026-9006)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...

9.1CVSS5.5AI score0.00338EPSS
Exploits0Affected Software1
CVE
CVE
added 2 days ago37 views

CVE-2026-14934

CVE-2026-14934 affects Google Cloud BigQuery, Dataform and Colab Enterprise repository creation functionality. A Missing Authorization flaw in versions from October 2025 through May 10, 2026 allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The ...

9.4CVSS6.1AI score0.00226EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago75 views

Mosparo < 1.0.2 - Open Redirect

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...

6.1CVSS6.1AI score0.33629EPSS
Exploits1References4
NVD
NVD
added 5 days ago7 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS6.3AI score0.01285EPSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-56688

Dell PowerFlex Manager (versions before 5.1.0.1) is vulnerable to an OS Command Injection via OS Repository processing, caused by improper neutralization of special elements. A remote, high-privileged attacker could execute arbitrary commands as root, potentially causing full appliance compromise...

9.1CVSS6.3AI score0.01285EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42871

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS6.3AI score0.01285EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
Rows per page
Query Builder