Lucene search
K

4489 matches found

OSV
OSV
added 2026/02/09 7:33 p.m.6 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.6AI score0.00419EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.4 views

CVE-2026-2160

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

6.1CVSS3.8AI score0.00262EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 12:15 p.m.13 views

CVE-2026-0632

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

5.4CVSS0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/09 11:22 a.m.8 views

CVE-2026-0632

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

5.4CVSS5.7AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/09 11:22 a.m.28 views

CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

5.4CVSS0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/02/09 11:22 a.m.17 views

CVE-2026-0632

CVE-2026-0632 affects the Fluent Forms Pro Add On Pack for WordPress. All versions up to and including 6.1.12 are vulnerable to Server-Side Request Forgery via the saveDataSource function. Authenticated users with Subscriber-level access or higher can cause the web application to make requests to...

5.4CVSS5.7AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2026/02/09 2:16 a.m.5 views

CVE-2026-2200

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS0.00223EPSS
Exploits1References4
OSV
OSV
added 2026/02/09 2:16 a.m.5 views

CVE-2026-2200

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS4AI score0.00223EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/09 1:2 a.m.5 views

CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS3.6AI score0.00223EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 1:2 a.m.6 views

CVE-2026-2200

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS3.6AI score0.00223EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/09 1:2 a.m.32 views

CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS0.00223EPSS
Exploits1References4
CVE
CVE
added 2026/02/09 1:2 a.m.14 views

CVE-2026-2200

CVE-2026-2200 affects heyewei JFinalCMS 5.0.0. The weakness is in the API endpoint file /admin/admin/save; input manipulation can cause cross-site scripting. Exploitation is possible remotely and public exploits exist. The provided sources do not specify a remediation or patch version.

4.8CVSS3.2AI score0.00223EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.7 views

PT-2026-7044

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS3.6AI score0.00223EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

JFinalCMS 代码注入漏洞

JFinalCMS is a content management system developed by heyewei’s individual developers. Version JFinalCMS 5.0.0 has a code injection vulnerability. This vulnerability stems from incorrect operations with the component API endpoints related to files and the ‘admin/admin/save’ endpoint, which may le...

4.8CVSS5.6AI score0.00223EPSS
Exploits1References5
OSV
OSV
added 2026/02/08 4:15 p.m.4 views

CVE-2026-2160

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

6.1CVSS4.2AI score0.00262EPSS
Exploits1References5
NVD
NVD
added 2026/02/08 4:15 p.m.7 views

CVE-2026-2160

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

6.1CVSS0.00262EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/08 3:32 p.m.35 views

CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

5.3CVSS0.00262EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/08 3:32 p.m.3 views

CVE-2026-2160

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

5.3CVSS3.7AI score0.00262EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/08 3:32 p.m.4 views

CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

5.3CVSS3.8AI score0.00262EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/08 7:13 a.m.11 views

CVE-2026-2075

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

8.8CVSS6.1AI score0.00309EPSS
Exploits1References1
Rows per page
Query Builder