Lucene search
K

10458 matches found

Vulnrichment
Vulnrichment
added 2026/06/06 10:30 a.m.9 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 10:30 a.m.41 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS0.01114EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 10:30 a.m.13 views

EUVD-2026-34965

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
CVE
CVE
added 2026/06/06 10:30 a.m.32 views

CVE-2026-11408

Summary of CVE-2026-11408 : A vulnerability exists in vertex-app up to 2026.02.12 affecting the Log Viewer Endpoint, specifically the file app/model/LogMod.js. The issue arises from processing of the query parameter req.query, enabling an os command injection. This can be exploited remotely; expl...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

VERTEX 操作系统命令注入漏洞

VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. Versions of vertex-app and vertex released on February 12, 2026, and earlier have a vulnerability related to operating system command injection. This...

6.5CVSS6.6AI score0.01114EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.16 views

PT-2026-47150

Name of the Vulnerable Software and Affected Versions vertex-app vertex versions prior to 2026.02.12 Description An issue exists in the Log Viewer Endpoint component within the file app/model/LogMod.js. Improper processing of the req.query argument allows for remote OS command injection, which...

6.5CVSS6.9AI score0.01114EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-34538

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6.5CVSS5.7AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS5.9AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

6.1CVSS5.5AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.4AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

9.5CVSS5.4AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

7.6CVSS5.4AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.7 views

CVE-2026-45083

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...

9.8CVSS5.6AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

9.8CVSS5.5AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 2:16 p.m.9 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS0.00183EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:24 p.m.5 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/06/05 1:24 p.m.12 views

EUVD-2026-34830

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/05 1:24 p.m.38 views

CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS0.00183EPSS
Exploits2References2
CVE
CVE
added 2026/06/05 1:24 p.m.20 views

CVE-2026-50231

CVE-2026-50231 – Lyrion Music Server 9.2.0 suffers an unauthenticated stored XSS in the log viewer. The root cause is unescaped template variables, enabling attackers to inject scripts via search/lines/path query parameters or logged values (URLs, User-Agent, stream titles, player names) to run i...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/06/05 1:24 p.m.8 views

CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References2
Rows per page
Query Builder