Lucene search
+L

4516 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-58077 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS0.00418EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7AI score0.03948EPSS
Exploits6References3
CVE
CVE
added 2 days ago7 views

CVE-2026-52837

Summary: Easy!Appointments

6.9CVSS6.1AI score0.00352EPSS
Exploits0References2
CVE
CVE
added 2 days ago26 views

CVE-2026-53566

CVE-2026-53566 describes an out-of-bounds read in the Citrix Secure Access Client for Windows , affecting versions prior to 26.6.1.20 . The vulnerability is categorized with a CVSS v4.0 vector indicating a local attack vector, low attack complexity, and no user interaction required, with a base s...

6.8CVSS6.1AI score0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43654

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

9.8CVSS6.1AI score0.00513EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago117 views

OpenCode < 1.0.216 - Unauthenticated Remote Code Execution

OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying serve...

8.8CVSS7.5AI score0.16955EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-58737

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description A use after free issue in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved by using a crafted HTML page...

8.3CVSS6.1AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

0.00592EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12081 Database for Contact Form 7, WPforms, Elementor forms < 1.5.2 - Unauthenticated PHP Object Injection via Entry File Field

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

0.00139EPSS
Exploits0References1
Debian CVE
Debian CVE
added 5 days ago6 views

CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score0.00246EPSS
Exploits0
OSV
OSV
added 6 days ago4 views

CVE-2026-55879 OpenReplay: Unauthenticated stored XSS leads to dashboard account takeover

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated...

9.3CVSS6.1AI score0.00274EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
CVE
CVE
added 6 days ago12 views

CVE-2026-61492

The provided connected documents identify a concrete vulnerability in JetBrains YouTrack: stored XSS via article titles in digest emails, affecting versions prior to 2026.2.17394. The exact root cause is not detailed beyond this description, and there are no explicit exploit details or remediatio...

6.1CVSS6.1AI score0.0039EPSS
Exploits0References1Affected Software1
OSV
OSV
added 6 days ago3 views

CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score0.00392EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-54468

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57186

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Stored Cross-Site Scripting XSS is possible through the unauthenticated agent registration process. Stored XSS occurs when an application receives data from a user and includes that dat...

8.1CVSS6.1AI score0.00235EPSS
Exploits0References5
EUVD
EUVD
added last week7 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42574

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a...

6.1CVSS5.9AI score0.00105EPSS
Exploits0References2
CVE
CVE
added last week145 views

CVE-2026-56291

The CVE-2026-56291 entry concerns the Joomla extension Balbooa Forms, where an unauthenticated arbitrary file upload vulnerability allows uploading executable files and leads to full RCE. Affected version is Balbooa Forms

10CVSS6AI score0.00836EPSS
In wildExploits5References3Affected Software1
Rows per page
Query Builder