Lucene search
+L

64 matches found

OSV
OSV
added 2026/04/01 8:35 a.m.12 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:44 p.m.5 views

CVE-2026-34365

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

5.5CVSS6AI score0.00173EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-20162

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

6.3CVSS6.1AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11226

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

6.3CVSS5.9AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 4:18 p.m.2 views

CVE-2026-20162 Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

6.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/11 9:41 p.m.5 views

CVE-2024-58307 CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...

9.3CVSS7.7AI score0.00448EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/19 6:43 a.m.12 views

CVE-2025-11741

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosqquickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00313EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/29 4:35 a.m.9 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

5CVSS4.7AI score0.00217EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/29 4:35 a.m.29 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

5CVSS0.00217EPSS
Exploits0References4
OSV
OSV
added 2025/04/29 4:35 a.m.10 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

5CVSS5.3AI score0.00217EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.5 views

n8n 跨站脚本漏洞

n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in n8n versions prior to 1.90.0, which stems from the presence of a stored cross-site scripting attack on an attachment view endpoint...

5.4CVSS5.7AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2025/03/20 10:15 a.m.7 views

CVE-2024-12882

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2024/10/17 7:15 p.m.8 views

CVE-2024-10099

A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...

6.1CVSS5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.5 views

PT-2024-39930 · Unknown · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability was found in the software, affecting an unknown function of the file "/admin/?page=inventory/view inventory&id=2". The manipulation of the Code argument leads to...

5.4CVSS4.4AI score0.00402EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.8 views

PT-2024-39929 · Unknown · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A critical issue has been found in the processing of the file "/admin/?page=inventory/view inventory&id=2". The manipulation of the id argument leads to SQL injection. The attack may...

8.8CVSS7.2AI score0.00517EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.7 views

PT-2024-38754 · Genexis · Genexis Tilgin Home Gateway

Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: This issue affects some unknown processing of the file "/vood/cgi-bin/vood view.cgi?lang=EN&act=user/spec...

5.3CVSS4.1AI score0.00338EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.5 views

PT-2024-30559 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21 XWiki Platform versions prior to 15.5.5 XWiki Platform versions prior to 15.10.6 XWiki Platform versions prior to 16.0.0 Description: The issue allows a user without Script or Programming rights to...

9.4CVSS7.3AI score0.00461EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/08/07 12:0 a.m.6 views

PT-2024-29328 · Unknown · Kashipara Responsive School Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 3.2.0 Description: An issue was found in the /smsa/view students.php endpoint, allowing remote unauthenticated attackers to view student details. This issue affects the ability to control...

5.3CVSS6.8AI score0.00485EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/07 12:0 a.m.7 views

PT-2024-29323 · Unknown · Kashipara Responsive School Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 3.2.0 Description: An issue was found in the /smsa/view teachers.php endpoint, allowing remote unauthenticated attackers to view teacher details due to incorrect access control...

7.5CVSS6.8AI score0.00548EPSS
Exploits1References5
Rows per page
Query Builder