Lucene search
K

8310 matches found

Zero Science Lab
Zero Science Lab
added 23 hours ago22 views

SIP Sustainable Irrigation Platform 5.x Stored XSS

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.1CVSS6.3AI score
Exploits2
CVE
CVE
added yesterday8 views

CVE-2026-58500

CVE-2026-58500について、MCP Appium のcreateLocatorGeneratorUI が、バージョン1.85.10以前で、攻撃者が制御する要素属性(テキスト、content-desc、resource-id、ロケータ選択子)をHTMLテンプレートリテラルに直接埋め込み、HTML/JavaScript文脈のエスケープを行わないことが根本原因の未エスケープデータXSS を引き起こすコントリビューションです。被害者が対象アプリのUIをレンダリングすると、埋め込まれたスクリプトが実行され、window.parent.postMessageを介して任意のMCPツールの実行...

8.2CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43116

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43079

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

6.1AI score0.00254EPSS
Exploits0References2
CVE
CVE
added 4 days ago50 views

CVE-2026-14480

CVE-2026-14480 affects OpenPLC Runtime v3. An authenticated user can write arbitrary files via the legacy web UI program-upload workflow by storing a attacker-controlled filename (prog_file) that is later used as the destination path. Python os.path.join() honors absolute paths, enabling writes a...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-14480 OpenPLC v3 External Control of File Name or Path

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS0.00616EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
OSV
OSV
added 4 days ago3 views

CVE-2026-15084 UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS6.1AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 4 days ago38 views

CVE-2026-55882

Summary: Tilt (Tilt HUD server) before v0.37.4 exposes Go pprof endpoints under /debug with no access control, allowing unauthenticated network-accessible listeners to read memory and tokens via /debug/pprof/heap and /debug/pprof/goroutine, and potentially degrade performance via /debug/pprof/pro...

8.3CVSS6.2AI score0.00384EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42925

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/usersldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed ...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References5
CVE
CVE
added 4 days ago7 views

CVE-2026-15375

CVE-2026-15375 affects Eleveo Call Recording Software 9.7.0, targeting the LDAP User Interface component via the file /callrec/users_ldap.jsp. The issue is described as improper authorization, with remote initiation possible and public exploit disclosure. The record notes that the vendor was cont...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42621

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS6AI score0.00319EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago11 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42488

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score0.00178EPSS
Exploits0References3
NVD
NVD
added 6 days ago11 views

CVE-2026-15117

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00178EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-15111

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00178EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-5922

CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder