Lucene search
+L

1943 matches found

Nuclei
Nuclei
added 15 hours ago122 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS8.8AI score0.97405EPSS
Exploits21References5
Tenable Nessus
Tenable Nessus
added 2 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-48125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user- agent data. From 2.0.1 until 2.0.10, a regular expressio...

5.3CVSS5.4AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago41 views

CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS0.00295EPSS
Exploits0References1
OSV
OSV
added 3 days ago4 views

CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 8:16 p.m.9 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS0.00234EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 7:40 p.m.32 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS0.00234EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 7:40 p.m.8 views

EUVD-2026-42997

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00234EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 7:40 p.m.13 views

CVE-2026-55452

CVE-2026-55452 concerns Snipe-IT (IT asset/license management) where pre-8.5.0 builds store the User-Agent header via Actionlog::logaction() and export it in Activity Report CSV without formula escaping. This allows a low-privileged authenticated user to inject a formula-like payload that can exe...

7.3CVSS6.2AI score0.00234EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/10 7:40 p.m.3 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00234EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/08 10:37 p.m.9 views

Cross-site Scripting (XSS)

Overview @appium/base-driver is a Base driver class for Appium drivers Affected versions of this package are vulnerable to Cross-site Scripting XSS via compileLodashTemplate. An attacker can execute arbitrary JavaScript in the context of the server origin by injecting malicious input into the...

9.6CVSS6.2AI score0.0022EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/08 8:57 p.m.34 views

CVE-2026-58191 Appium: Reflected XSS / arbitrary JS in @appium/base-driver /test/guinea-pig* routes

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /test/guinea-pig-scrollable, and /test/guinea-pig-app-banner routes, and compileLodashTemplate...

6.5CVSS0.0022EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 4:20 p.m.15 views

Malicious code in @luminarycloudinternal/frodo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...

5.9AI score
Exploits0References4
NVD
NVD
added 2026/07/08 2:17 p.m.8 views

CVE-2026-60092

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS0.002EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 1:51 p.m.5 views

EUVD-2026-42270

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 1:51 p.m.33 views

CVE-2026-60092 AVideo - Stored Cross-Site Scripting via Unescaped User-Agent in Participants Panel

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 1:51 p.m.6 views

CVE-2026-60092

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score0.002EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/08 1:51 p.m.6 views

CVE-2026-60092 AVideo - Stored Cross-Site Scripting via Unescaped User-Agent in Participants Panel

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 1:51 p.m.11 views

CVE-2026-60092

The CVE-2026-60092 entry describes a stored cross-site scripting vulnerability in the AVideo Meet plugin. When a participant joins a public meeting, the raw HTTP User-Agent header is stored in meet_join_log.user_agent without sanitization and later echoed in the Participants management panel (vis...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 1:51 p.m.4 views

CVE-2026-60092 AVideo - Stored Cross-Site Scripting via Unescaped User-Agent in Participants Panel

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

5.1CVSS6AI score0.002EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10237 Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
Rows per page
Query Builder