Lucene search
K

885 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 12:6 a.m.4 views

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.29 views

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 6:11 p.m.1 views

CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:11 p.m.1 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2023-60559

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 9:31 p.m.3 views

EUVD-2023-60549

WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at...

6.1CVSS6.2AI score0.00263EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 9:31 p.m.2 views

EUVD-2023-60557

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants...

6.1CVSS6AI score0.00194EPSS
Exploits0References5
NVD
NVD
added 2026/04/09 9:16 p.m.10 views

CVE-2023-54363

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...

6.1CVSS0.00226EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 9:16 p.m.6 views

CVE-2023-54362

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants...

6.1CVSS0.00194EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:54 p.m.3 views

CVE-2023-54364

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the fromoption, fromctrl,...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/09 8:54 p.m.9 views

CVE-2023-54364

Joomla HikaShop 4.7.4 is affected by a reflected XSS vulnerability in the product filter endpoint. The issue allows unauthenticated attackers to inject scripts via GET parameters (from_option, from_ctrl, from_task, from_itemid). Victims visiting a crafted link can have scripts executed, with pote...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 8:54 p.m.6 views

CVE-2023-54362 Joomla VirtueMart Shopping-Cart 4.0.12 Reflected XSS via keyword

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants...

6.1CVSS6AI score0.00194EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 8:54 p.m.4 views

CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

6.1CVSS6.1AI score0.00225EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:54 p.m.3 views

CVE-2023-54362

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants...

6.1CVSS6AI score0.00194EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/09 8:54 p.m.10 views

CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 is affected by a reflected XSS in the filter_keyword parameter of the all-properties-with-map endpoint. The vulnerability allows an attacker to inject JavaScript payloads via a crafted URL, potentially executing code in a victim’s browser and compromising sessio...

6.1CVSS6.2AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31731

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from option, from ctrl,...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31728

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter keyword GET parameter of the...

6.1CVSS6.2AI score0.00225EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/08 3:32 a.m.7 views

parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.9AI score0.0021EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.11 contained a security vulnerability. This vulnerability stemmed from...

8.2CVSS5.8AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 3:16 p.m.4 views

CVE-2026-33755

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS0.00387EPSS
Exploits1References1
Rows per page
Query Builder