Lucene search
K

756 matches found

Nuclei
Nuclei
added yesterday48 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS6.1AI score0.01443EPSS
Exploits1References4
CVE
CVE
added 4 days ago7 views

CVE-2026-15084

The issue is a Stored XSS in Drupal UI Patterns (SDC in Drupal UI) caused by insufficient sanitization in versions 2.0.0–2.0.17. An attacker must have permissions to create/update content rendered by UI Patterns. Remediation: upgrade to a version later than 2.0.17.

5.4CVSS6.1AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-15084 UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS6.1AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 4 days ago6 views

CVE-2026-59193

Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42839

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:59 p.m.14 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 3:16 p.m.9 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 1:10 p.m.5 views

EUVD-2026-41874

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:10 p.m.10 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:38 a.m.36 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

0.00471EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 11:36 a.m.8 views

CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 10:31 p.m.2 views

GHSA-Q6XX-5VR8-P898 Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check

Summary In nezha v1.14.13–v1.14.14 and v2.0.0–v2.0.9, the WebSocket endpoints GET /ws/terminal/:id and GET /ws/file/:id authenticate the caller only by the presence of a valid stream UUID, with no ownership check tying that UUID to the user who created the stream. Any authenticated dashboard user...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:52 p.m.3 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 4:28 p.m.5 views

CVE-2026-52964 ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.8AI score0.00175EPSS
Exploits0References8
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-39568

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

8.1CVSS0.00423EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37699

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50105

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36901

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder