134 matches found

Cvelist
added 2026/06/16 4:29 p.m., 24 views

CVE-2024-38487

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...

CVSS 7, EPSS 0.00081
Exploits: 0, References: 1

CVE
added 2026/06/16 4:29 p.m., 14 views

CVE-2024-38487

CVE-2024-38487 describes a vulnerability where an api-gateway container running with root privileges could escape the container and access the host system. Affected configuration: containerized api-gateway with root-level execution; root privileges combined with local attack vector enable host ac...

CVSS 7, AI score 5.3, EPSS 0.00081
Exploits: 0, References: 1

OSV
added 2026/06/08 3:15 p.m., 10 views

USN-8404-1 transmission vulnerability

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

CVSS 5.3, AI score 5.5, EPSS 0.00305
Exploits: 0, References: 2

Ubuntu
added 2026/06/08 3:15 p.m., 11 views

USN-8404-1: Transmission vulnerability

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

CVSS 5.3, AI score 5.5, EPSS 0.00305
Exploits: 0

Positive Technologies
added 2026/06/08 12:0 a.m., 16 views

PT-2026-47597

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

CVSS 5.3, AI score 5.5, EPSS 0.00305
Exploits: 0, References: 3

NVD
added 2026/05/13 1:16 p.m., 15 views

CVE-2026-42961

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

CVSS 5.1, EPSS 0.00186
Exploits: 0, References: 2

Positive Technologies
added 2026/05/13 12:0 a.m., 17 views

PT-2026-40601

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

CVSS 5.1, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 2

RedhatCVE
added 2026/04/30 2:11 p.m., 6 views

CVE-2026-33454

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

CVSS 9.4, AI score 5.4, EPSS 0.00621
Exploits: 0, References: 4

CNNVD
added 2026/04/07 12:0 a.m., 8 views

WordPress plugin Simple Social Media Share Buttons cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5, AI score 5.7, EPSS 0.00122
Exploits: 0, References: 1

Cvelist
added 2026/04/02 1:28 p.m., 19 views

CVE-2026-2737 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVSS 8.5, EPSS 0.00196
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/02 1:28 p.m., 4 views

CVE-2026-2737

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVSS 8.5, AI score 5.9, EPSS 0.00196
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/03/12 1:16 p.m., 4 views

CVE-2026-2513

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVSS 8.6, EPSS 0.00286
Exploits: 0, References: 1

Cvelist
added 2026/03/12 1:0 p.m., 23 views

CVE-2026-2514 Possibility of unintended actions when viewing maliciously crafted network data in Progress Flowmon ADS web application

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being...

CVSS 8.6, EPSS 0.00189
Exploits: 0, References: 1

Vulnrichment
added 2026/03/12 1:0 p.m., 2 views

CVE-2026-2514 Possibility of unintended actions when viewing maliciously crafted network data in Progress Flowmon ADS web application

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being...

CVSS 8.6, AI score 5.8, EPSS 0.00189
Exploits: 0, References: 1

Cvelist
added 2026/03/12 12:58 p.m., 23 views

CVE-2026-2513 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVSS 8.6, EPSS 0.00286
Exploits: 0, References: 1

Vulnrichment
added 2026/03/12 12:58 p.m., 3 views

CVE-2026-2513 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVSS 8.6, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 1

Vulnrichment
added 2026/02/03 6:56 a.m., 2 views

CVE-2026-20704

Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed...

CVSS 5.1, AI score 6.1, EPSS 0.00133
Exploits: 0, References: 2

Snyk
added 2026/01/20 8:45 p.m., 6 views

Improper Input Validation

Overview: websocket-server is a simple, fully working websocket-server in Python with no external dependencies. Affected versions of this package are vulnerable to Improper Input Validation via the WebSocketServer.messagereceived component. An attacker can access sensitive information or trigger...

CVSS 8.7, AI score 5.6, EPSS 0.00363
Exploits: 1, References: 2

NVD
added 2026/01/15 1:16 p.m., 3 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVSS 8.2, EPSS 0.00286
Exploits: 0, References: 6

CVE
added 2026/01/15 1:8 p.m., 15 views

CVE-2026-22918

CVE-2026-22918 describes missing protection against clickjacking that could allow an attacker to trick users into performing unintended actions on malicious pages, potentially leading to the extraction of sensitive data. The core description is echoed across multiple connected sources (NVD, Red H...

CVSS 8.2, AI score 6.4, EPSS 0.00286
Exploits: 0, References: 6, Affected Software: 1