Lucene search
K

1383 matches found

Cvelist
Cvelist
added 2026/02/16 5:5 p.m.23 views

CVE-2019-25393 Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...

6.1CVSS0.00233EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.8 views

PT-2026-8058

The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewsletterSave function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.3AI score0.00163EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/12 12:0 a.m.141 views

📄 JUNG Smart Visu Server 1.1.1050 Request URL Override

JUNG Smart Visu Server version 1.1.1050 has a vulnerability that enables unauthenticated attackers to perform cache poisoning attacks by overriding the effective host in proxied requests through manipulation of the X-Forwarded-Host header. When a malicious actor sends a request with an arbitrary...

5.7AI score
Exploits0
NVD
NVD
added 2026/02/11 9:15 a.m.5 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

4.3CVSS0.0016EPSS
Exploits0References5
CVE
CVE
added 2026/02/10 3:1 a.m.15 views

CVE-2026-0490

CVE-2026-0490 affects SAP BusinessObjects BI Platform. An unauthenticated attacker can craft a specific network request to a trusted endpoint that breaks authentication, resulting in a high impact on availability and no impact on confidentiality or integrity. CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.10 views

PT-2026-7320

Name of the Vulnerable Software and Affected Versions Emmett versions prior to 1.3.11 Description The cookies property in emmett core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 error...

7.5CVSS5.6AI score0.00271EPSS
Exploits0References9
CVE
CVE
added 2026/02/09 7:39 a.m.38 views

CVE-2026-22903

Affects lighttpd-based server variants (modified lighttpd) where an unauthenticated remote attacker can send a crafted HTTP request with an overly long SESSIONID cookie. The underlying issue is a stack buffer overflow, triggered by the oversized cookie, leading to server crashes and potentially r...

9.8CVSS6.7AI score0.00667EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7081

Name of the Vulnerable Software and Affected Versions lighttpd affected versions not specified Description An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the lighttpd server, potentially...

9.8CVSS6.6AI score0.00667EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:49 p.m.14 views

CVE-2026-1731

BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

9.9CVSS8.1AI score0.87991EPSS
In wildExploits22References4
OSV
OSV
added 2026/02/04 5:16 p.m.3 views

CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

6.1CVSS5.9AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 11:23 a.m.5 views

EUVD-2025-206487

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.34 views

CVE-2026-1377 imwptip <= 1.1 - Cross-Site Request Forgery to Settings Update

The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged...

4.3CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/01/27 6:15 p.m.17 views

CVE-2026-1315

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or applicatio...

7.5CVSS0.00577EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/26 1:41 p.m.1 views

openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...

7.5CVSS5.9AI score0.00864EPSS
Exploits0References5
NVD
NVD
added 2026/01/24 9:15 a.m.7 views

CVE-2026-0800

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 8:26 a.m.3 views

CVE-2025-14907

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.5 views

CVE-2025-14903

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS0.00155EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.4 views

CVE-2026-1076 Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/22 5:34 p.m.8 views

CVE-2026-20080

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit th...

5.3CVSS5.6AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 6:16 p.m.4 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

8.5CVSS0.00226EPSS
Exploits1References6
Rows per page
Query Builder