1048 matches found

OSV
added 2026/01/21 11:39 p.m.

CVE-2026-23887 Group-Office has a stored XSS vulnerability via unsanitized filenames

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially...

CVSS 5.1, AI score 5.5, EPSS 0.00246
Exploits 1, References 5
ATTACKERKB
added 2026/01/21 11:39 p.m.

CVE-2026-23887

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially...

CVSS 5.1, AI score 5.4, EPSS 0.00246
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2026/01/21 5:27 p.m.

CVE-2021-47857

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

CVSS 7.2, AI score 5.6, EPSS 0.00309
Exploits 1, References 3, Affected Software 1
CNNVD
added 2026/01/20 12:00 a.m.

WordPress plugin Image Photo Gallery Final Tiles Grid has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5.4, AI score 5.8, EPSS 0.00188
Exploits 0, References 3
NVD
added 2026/01/19 1:16 p.m.

CVE-2026-1181

Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could...

CVSS 9, EPSS 0.00308
Exploits 0, References 1
CNNVD
added 2026/01/19 12:00 a.m.

Teklif Management System security vulnerabilities

Teklif Yönetim Sistemi is management and tracking software for individual developers, developed by sibercii6-crypto. Teklif Yönetim Sistemi has a security vulnerability, which stems from the lack of an authorization check in the quote viewing function. This vulnerability could allow authenticate...

CVSS 7.1, AI score 5.8, EPSS 0.00202
Exploits 0, References 3
RedhatCVE
added 2026/01/16 5:26 p.m.

CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5, AI score 7.9, EPSS 0.02117
Exploits 1, References 1
NVD
added 2026/01/15 5:16 p.m.

CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5, EPSS 0.02117
Exploits 1, References 3
ATTACKERKB
added 2026/01/15 4:27 p.m.

CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5, AI score 6, EPSS 0.02117
Exploits 1, References 4, Affected Software 1
CVE
added 2026/01/15 4:27 p.m.

CVE-2026-22265

Roxy-WI CVE-2026-22265 describes a command-injection vulnerability in the log viewing functionality. The flaw exists in app/modules/roxywi/logs.py, line 87, where the grep parameter is used both sanitized and in raw form, enabling authenticated users to execute arbitrary system commands. Affected...

CVSS 7.5, AI score 7.5, EPSS 0.02117
Exploits 1, References 3, Affected Software 1
OSV
added 2026/01/15 4:27 p.m.

CVE-2026-22265 Roxy-WI has a command injection via the grep parameter in logs.py that allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5, AI score 7.8, EPSS 0.02117
Exploits 1, References 5
RedhatCVE
added 2026/01/15 7:23 a.m.

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVSS 4.2, AI score 6.8, EPSS 0.00217
Exploits 0, References 1
Positive Technologies
added 2026/01/15 12:00 a.m.

PT-2026-3072

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5, AI score 7.9, EPSS 0.02117
Exploits 1, References 4
CNNVD
added 2026/01/15 12:00 a.m.

Roxy-WI operating system command injection vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.8.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log viewing feature’s ability to allow command...

CVSS 7.5, AI score 6, EPSS 0.02117
Exploits 1, References 3
Japan Vulnerability Notes
added 2026/01/14 8:03 a.m.

Chainlit vulnerable to improper access restriction

Overview: Chainlit provided by Chainlit contains the following vulnerability: authorization bypass through user-controlled key (CWE-639), CVE-2025-68492. Shotaro Kimura of NRI SecureTechnologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVSS 4.2, AI score 6.6, EPSS 0.00217
Exploits 0, References 4
Cvelist
added 2026/01/14 6:27 a.m.

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVSS 4.2, EPSS 0.00217
Exploits 0, References 2
RedhatCVE
added 2026/01/09 11:36 a.m.

CVE-2021-41584

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...

CVSS 7.5, AI score 6.7, EPSS 0.01267
Exploits 0, References 1
RedhatCVE
added 2026/01/09 8:59 a.m.

CVE-2023-49115

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

CVSS 7.5, AI score 7.2, EPSS 0.00592
Exploits 0, References 1
RedhatCVE
added 2026/01/09 8:38 a.m.

CVE-2026-21684

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

CVSS 7.1, AI score 6.8, EPSS 0.00243
Exploits 1, References 1
NVD
added 2026/01/07 10:15 p.m.

CVE-2026-21684

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

CVSS 7.1, EPSS 0.00243
Exploits 1, References 3