Lucene search
K

1912 matches found

Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32955

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary...

6.1CVSS6.1AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 12:30 a.m.17 views

EUVD-2026-19484

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6.2AI score0.00218EPSS
Exploits0References4
OSV
OSV
added 2026/04/06 10:16 p.m.3 views

DEBIAN-CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/06 10:16 p.m.1 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/06 9:19 p.m.21 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/06 9:19 p.m.2 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6AI score0.00218EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:19 p.m.3 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References4
CVE
CVE
added 2026/04/06 9:19 p.m.20 views

CVE-2026-22675

OCS Inventory NG Server (versions up to 2.12.3) is affected by a stored XSS in the User-Agent header submitted to the /ocsinventory endpoint. The issue stems from improper sanitization/encoding when rendering user-supplied User-Agent values in the statistics dashboard, enabling arbitrary JavaScri...

6.1CVSS5.7AI score0.00218EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/06 9:19 p.m.8 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.8 views

PT-2026-30738

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6.2AI score0.00218EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.4 views

PT-2026-30334

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The install/test.php diagnostic script has its CLI-only access guard disabled, allowing access via HTTP after installation. This exposes video viewer statistics, including IP addresses, session IDs, a...

5.3CVSS5.9AI score0.00332EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/03 10:57 a.m.5 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS6.3AI score0.00956EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/02 4:26 p.m.94 views

mansstimap

mansstimap SSTI Manager - Advanced SSTI Detection & Exploita...

6.1AI score
Exploits0
NVD
NVD
added 2026/04/02 8:16 a.m.6 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS0.00956EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 7:39 a.m.34 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS0.00956EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 7:39 a.m.3 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS6.4AI score0.00956EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 7:39 a.m.20 views

CVE-2026-5032

CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions

7.5CVSS6.4AI score0.00956EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/02 7:39 a.m.1 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS5.8AI score0.00956EPSS
Exploits0References3
Rows per page
Query Builder