Lucene search
K

375 matches found

Nuclei
Nuclei
added 13 hours ago15 views

Shopware < 5.5.8 - Cross-Site Scripting

Shopware before 5.5.8 contains a reflected cross-site scripting XSS caused by unsanitized query string parameters in the backend/Login or backend/Login/load/ URI, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires sending crafted URL to the victim...

7.4CVSS6.9AI score0.02734EPSS
Exploits1References2
EUVD
EUVD
added yesterday9 views

EUVD-2026-38009

Rancher vulnerable to command injection through unsanitized YAML parameter...

9.4CVSS5.8AI score0.01113EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-40143

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...

6.1CVSS5.9AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 7:16 a.m.8 views

CVE-2026-8163

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...

8.8CVSS0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:0 a.m.8 views

EUVD-2026-38416

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8CVSS5.9AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50872

Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.14.2 Description A command injection issue exists in the import endpoint "/v3/import/token clusterId.yaml". This occurs due to unsanitized YAML parameters, which could allow remote attackers to break out of ...

9.4CVSS6AI score0.01113EPSS
Exploits0References7
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-54419

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS0.00587EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-40457

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

2.1CVSS0.00318EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:58 a.m.5 views

CVE-2026-40457

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 10:58 a.m.9 views

EUVD-2026-37876

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 10:58 a.m.15 views

CVE-2026-40457

The CVE-2026-40457 entry describes a Reflected XSS in LMS (LAN Management System) prior to commit 9c5651b in the dbrecover.php and netremap.php modules, where unsanitized GET parameters are embedded into HTML output. This enables an attacker to inject arbitrary JavaScript when an authenticated us...

2.1CVSS5.3AI score0.00318EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 10:58 a.m.14 views

CVE-2026-40457 Reflected XSS in LMS

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

2.1CVSS5.4AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 12:0 a.m.9 views

EUVD-2026-36241

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS6.3AI score0.00329EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.5 views

CVE-2019-25734

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...

5.1CVSS5.8AI score0.00887EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/28 11:9 a.m.11 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 8:19 a.m.12 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/27 11:11 p.m.8 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/27 11:6 p.m.11 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/27 10:39 p.m.12 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/27 5:19 p.m.14 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.01016EPSS
Exploits0References5
Rows per page
Query Builder