Source: CVE, added 2026/03/25 4:08 p.m.

CVE-2026-20113

The CVE affects the web-based Cisco IOx application hosting environment management interface in Cisco IOS XE Software. It arises from insufficient input validation and enables a remote, unauthenticated attacker to perform a CRLF injection, potentially injecting or altering log entries and obscuri...

CVSS 5.3 | AI score 5.8 | EPSS 0.0029 | Exploits 0 | References 1

Source: Cisco, added 2026/03/25 4:00 p.m.

Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVSS 5.4 | AI score 6 | EPSS 0.00162 | Exploits 0 | References 1

Source: ATTACKERKB, added 2026/03/25 12:29 p.m.

CVE-2026-4760

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files if the attacker knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

CVSS 9.2 | AI score 6 | EPSS 0.00343 | Exploits 0 | References 2 | Affected software 1

Source: SUSE CVE, added 2026/03/25 12:25 a.m.

SUSE CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default 1 year). A...

CVSS 5.4 | AI score 5.8 | EPSS 0.00302 | Exploits 1 | References 3

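The entry above describes a logout that clears the browser cookie but leaves the server-side record alive, so a token copied earlier keeps working. The following is an added example written for this page, not OliveTin's own code: a minimal in-memory session store with both logout variants, the cookie-only form the entry describes and the server-side revocation that fixes it. The cookie name, the store layout and the one-year TTL (taken from the entry's "default 1 year") are assumptions for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// cookieName is a hypothetical name for the demonstration, not OliveTin's actual cookie.
const cookieName = "demo-session"

type session struct {
	user    string
	expires time.Time
}

// SessionStore is a minimal server-side session table guarded by a mutex.
type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]session
	ttl      time.Duration
}

func NewSessionStore(ttl time.Duration) *SessionStore {
	return &SessionStore{sessions: make(map[string]session), ttl: ttl}
}

// Login mints a random 128-bit session ID and records it server-side.
func (s *SessionStore) Login(user string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	id := hex.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = session{user: user, expires: time.Now().Add(s.ttl)}
	return id, nil
}

// Authenticate is what every request handler calls: only IDs that are still
// present in the store and not yet expired are accepted.
func (s *SessionStore) Authenticate(id string) (user string, ok bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, found := s.sessions[id]
	if !found || time.Now().After(sess.expires) {
		return "", false
	}
	return sess.user, true
}

// clearedCookie tells the browser to drop the session cookie.
func clearedCookie() *http.Cookie {
	return &http.Cookie{Name: cookieName, Value: "", MaxAge: -1, HttpOnly: true, Path: "/"}
}

// LogoutCookieOnly models the flaw the entry describes: the browser is told to
// forget the cookie, but the server-side entry is deliberately left untouched.
func (s *SessionStore) LogoutCookieOnly(_ string) *http.Cookie {
	return clearedCookie()
}

// Logout is the fixed form: the ID is deleted server-side, so a copy of the
// token captured earlier stops working immediately instead of at TTL expiry.
func (s *SessionStore) Logout(id string) *http.Cookie {
	s.mu.Lock()
	delete(s.sessions, id)
	s.mu.Unlock()
	return clearedCookie()
}

// ReplayAfterLogout logs a user in, has an attacker copy the live token, logs
// the user out with one of the two variants, then replays the copied token.
// It returns whether the replayed token was still accepted.
func ReplayAfterLogout(revokeServerSide bool) (bool, error) {
	store := NewSessionStore(365 * 24 * time.Hour) // the 1-year default the entry mentions
	id, err := store.Login("alice")
	if err != nil {
		return false, err
	}
	stolen := id // attacker copied the cookie while the session was live
	if revokeServerSide {
		store.Logout(id)
	} else {
		store.LogoutCookieOnly(id)
	}
	_, stillValid := store.Authenticate(stolen)
	return stillValid, nil
}

func main() {
	for _, fixed := range []bool{false, true} {
		accepted, _ := ReplayAfterLogout(fixed)
		fmt.Printf("server-side revoke=%v -> replayed token accepted=%v\n", fixed, accepted)
	}
}
```

The same revocation path should also run on password change and on administrative "log out everywhere" actions; clearing the cookie alone only changes what the victim's own browser sends.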
Source: SUSE CVE, added 2026/03/25 12:25 a.m.

SUSE CVE-2026-30225

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low-privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

CVSS 5.3 | AI score 6.1 | EPSS 0.00414 | Exploits 1 | References 3

Source: Positive Technologies, added 2026/03/25 12:00 a.m.

PT-2026-27793

Vulnerable software and affected versions: Cisco Catalyst SD-WAN Manager (affected versions not specified). Description: A flaw exists in the web-based management interface that may allow a remote attacker with valid credentials to perform a cross-site scripting (XSS) attack against a user...

CVSS 5.5 | AI score 6.2 | EPSS 0.00162 | Exploits 0 | References 6

Source: Positive Technologies, added 2026/03/25 12:00 a.m.

PT-2026-27795

Vulnerable software and affected versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the web-based management interface of the Cisco IOx application hosting environment. This issue could allow a remote attacker with valid administrative...

CVSS 4.8 | AI score 6.1 | EPSS 0.00194 | Exploits 0 | References 6

Source: Positive Technologies, added 2026/03/25 12:00 a.m.

PT-2026-27796

Vulnerable software and affected versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the web-based Cisco IOx application hosting environment management interface that could allow a remote attacker to inject carriage return line feed (CRLF)...

CVSS 5.3 | AI score 6 | EPSS 0.0029 | Exploits 0 | References 6

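The CVE-2026-20113 entry near the top of the page and PT-2026-27796 above describe the same class of flaw: CR/LF bytes taken from a request reach a log record unchanged, so an attacker can end the real record and append a forged one. As an added example, not Cisco's code and making no claim about how IOx formats its logs, the Go program below writes one audit record the naive way and once with CR, LF and other control characters escaped, then counts how many records a line-oriented log reader would see. The record layout and the injected username are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
)

// neutralize escapes CR, LF and any other control character so a value taken
// from a request can never terminate the current log record or start a new one.
func neutralize(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r == '\r':
			b.WriteString(`\r`)
		case r == '\n':
			b.WriteString(`\n`)
		case r < 0x20 || r == 0x7f:
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// AuditLineUnsafe formats attacker-controlled fields straight into the record:
// a CRLF inside one of them splits the record, and the second half looks like
// a genuine entry to anyone reading the file or to a SIEM parsing it.
func AuditLineUnsafe(user, action string) string {
	return fmt.Sprintf("user=%s action=%s\n", user, action)
}

// AuditLineSafe is the same record with both fields neutralized first.
func AuditLineSafe(user, action string) string {
	return fmt.Sprintf("user=%s action=%s\n", neutralize(user), neutralize(action))
}

// RecordCount is how a consumer that splits on newlines would see the output.
func RecordCount(log string) int {
	return strings.Count(log, "\n")
}

// InjectedUser is a constructed sample: a "username" carrying a CRLF followed
// by a forged success record for a different account.
const InjectedUser = "guest\r\nuser=admin action=login-ok"

func main() {
	unsafe := AuditLineUnsafe(InjectedUser, "login-fail")
	safe := AuditLineSafe(InjectedUser, "login-fail")
	fmt.Printf("unsafe: %d record(s)\n%s", RecordCount(unsafe), unsafe)
	fmt.Printf("safe:   %d record(s)\n%s", RecordCount(safe), safe)
}
```

Escaping at the point of writing is preferable to rejecting input, because the log should still show what was attempted; the escaped form keeps the attempt visible as a single record. Terminal escape sequences (0x1b) are neutralized by the same rule, which also protects anyone tailing the log in a terminal.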
Source: Positive Technologies, added 2026/03/25 12:00 a.m.

PT-2026-28077

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVSS 4.8 | AI score 6.1 | EPSS 0.00211 | Exploits 0 | References 3

Source: CNNVD, added 2026/03/25 12:00 a.m.

IBM InfoSphere Information Server cross-site scripting vulnerability

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines (IBM). This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server 11.7.1.6 and earlier had a cross-si...

CVSS 4.8 | AI score 5.8 | EPSS 0.00187 | Exploits 0 | References 2

Source: Tenable Nessus, added 2026/03/25 12:00 a.m.

Cisco Catalyst SD-WAN Manager XSS (cisco-sa-vmanage-xss-ZqkhP9W9)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability: a vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user ...

CVSS 5.4 | AI score 6 | EPSS 0.00162 | Exploits 0 | References 3

Source: Cvelist, added 2026/03/24 7:23 p.m.

CVE-2026-33344 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

CVSS 8.1 | EPSS 0.00469 | Exploits 1 | References 2

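The Dagu entry above is a textbook incomplete fix: validation was added to the create path while the other endpoints kept resolving names through an unpatched lookup. The example below is an added illustration for this page, not Dagu's code, of two things: why %2F matters (the router decodes it to a real slash before the name reaches the handler, so a per-segment match does not protect the file lookup) and why the check belongs in the one function every endpoint uses to resolve a name. The route prefix, the DAG directory, the .yaml suffix and the name allowlist are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"path/filepath"
	"regexp"
	"strings"
)

var ErrBadDAGName = errors.New("invalid DAG name")

// dagNameRE is an assumed allowlist: letters, digits, '_', '-' and '.', never
// starting with '.', so "..", "../x" and anything containing a separator fail.
var dagNameRE = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]*$`)

// nameFromRequest plays the role of a router handing the final path segment to
// a handler. It decodes the escaped form, which is exactly how "%2F" turns into "/".
func nameFromRequest(r *http.Request) (string, error) {
	esc := r.URL.EscapedPath()
	return url.PathUnescape(esc[strings.LastIndex(esc, "/")+1:])
}

// locateDAGNaive joins the name onto the DAG directory with no validation;
// a decoded "../../etc/x" walks straight out of dagsDir.
func locateDAGNaive(dagsDir, name string) string {
	return filepath.Join(dagsDir, name+".yaml")
}

// ValidateDAGName is the check every name-taking endpoint must share.
func ValidateDAGName(name string) error {
	if !dagNameRE.MatchString(name) {
		return ErrBadDAGName
	}
	return nil
}

// locateDAGHardened validates the name and then re-checks that the resolved
// path is still inside dagsDir. Because GET, DELETE and the rest all resolve
// names through this one function, fixing it here fixes every endpoint at once.
func locateDAGHardened(dagsDir, name string) (string, error) {
	if err := ValidateDAGName(name); err != nil {
		return "", err
	}
	base := filepath.Clean(dagsDir)
	p := filepath.Join(base, name+".yaml")
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadDAGName
	}
	return p, nil
}

// Resolve runs one request URL through both resolvers and returns what each
// would open; hardened is "" and err is set when the name is rejected.
func Resolve(dagsDir, rawURL string) (naive, hardened string, err error) {
	req := httptest.NewRequest(http.MethodGet, rawURL, nil)
	name, nerr := nameFromRequest(req)
	if nerr != nil {
		return "", "", nerr
	}
	naive = locateDAGNaive(dagsDir, name)
	hardened, err = locateDAGHardened(dagsDir, name)
	return naive, hardened, err
}

func main() {
	const dagsDir = "/var/lib/dagu/dags" // assumed location, not Dagu's documented default
	for _, u := range []string{
		"/api/v1/dags/nightly-backup",              // assumed route prefix
		"/api/v1/dags/..%2F..%2F..%2Fetc%2Fpasswd", // %2F-encoded traversal
	} {
		naive, hardened, err := Resolve(dagsDir, u)
		fmt.Printf("%s\n  naive    -> %s\n  hardened -> %q err=%v\n", u, naive, hardened, err)
	}
}
```

The filepath.Rel check after the allowlist is belt-and-braces: if someone later relaxes the regex, the containment test still refuses anything that resolves outside the directory. Any endpoint that bypasses locateDAGHardened and builds its own path is a regression waiting to be found.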
Source: Tenable Nessus, added 2026/03/24 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-30924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available: qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also...

CVSS 9.6 | AI score 6.5 | EPSS 0.00257 | Exploits 0 | References 2

Source: Github Security Blog, added 2026/03/23 3:30 p.m.

Harbor allows the use of the default password for web UI login

Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...

CVSS 9.4 | AI score 5.8 | EPSS 0.00498 | Exploits 0 | References 6 | Affected software 1

Source: CVE, added 2026/03/23 2:47 p.m.

CVE-2026-4404

CVE-2026-4404 affects Harbor

CVSS 9.4 | AI score 5.8 | EPSS 0.00498 | Exploits 0 | References 5

Source: Cvelist, added 2026/03/20 7:02 p.m.

CVE-2026-4497 Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes OS command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...

CVSS 7.5 | EPSS 0.01906 | Exploits 1 | References 6

Source: CNNVD, added 2026/03/20 12:00 a.m.

Yi Technology YI Home Camera 2 improper access control vulnerability

The Yi Technology YI Home Camera 2 is an intelligent home camera device developed by China's Yi Technology Company. Version 2.1.120171024151200 of the Yi Technology YI Home Camera 2 has a vulnerability related to access control. This vulnerability stems from a lack of authentication in the...

CVSS 6.3 | AI score 6.6 | EPSS 0.00316 | Exploits 0 | References 3

Source: RedhatCVE, added 2026/03/19 11:25 p.m.

CVE-2026-32721

A flaw was found in LuCI, the OpenWrt Configuration Interface. A remote attacker can exploit a stored cross-site scripting (XSS) vulnerability in the wireless scan modal by crafting a malicious Wi-Fi network name (SSID). When a user opens the wireless scan modal, the unsanitized SSID is rendered as r...

CVSS 8.8 | AI score 6.1 | EPSS 0.00239 | Exploits 0 | References 6

Source: UbuntuCve, added 2026/03/19 9:17 p.m.

CVE-2026-30924

qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...

CVSS 9.6 | AI score 6.5 | EPSS 0.00257 | Exploits 0 | References 3

Source: Cvelist, added 2026/03/19 8:45 p.m.

CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted

qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...

CVSS 9 | EPSS 0.00257 | Exploits 0 | References 2

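The two CVE-2026-30924 entries above, and the Nessus entry earlier on the page, describe one misconfiguration: the request's Origin header is reflected into Access-Control-Allow-Origin while Access-Control-Allow-Credentials is true. As an added example that is not qui's code, the Go program below implements that reflecting middleware beside an allowlist version and a probe that does what a tester would do with curl and a forged Origin header: send a cookie-bearing request and read back the two CORS headers. The API path, the origins and the cookie name are made up for the demonstration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fakeAPI stands in for an authenticated endpoint; its body is irrelevant here.
var fakeAPI = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`{"instances":[]}`))
})

// vulnerableCORS reproduces the pattern the entries describe: whatever Origin
// the browser sends is echoed back together with Allow-Credentials: true.
// Browsers refuse "*" combined with credentials, but a reflected origin passes
// their check, so any page can read the victim's authenticated responses.
func vulnerableCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if o := r.Header.Get("Origin"); o != "" {
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// allowlistCORS only grants origins on an explicit list and adds Vary: Origin
// so a shared cache never replays one origin's grant to another. An empty or
// unknown Origin (including the literal "null") gets no CORS headers at all.
func allowlistCORS(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if o := r.Header.Get("Origin"); allowed[o] {
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// CORSProbe is what a tester reads off the response headers.
type CORSProbe struct {
	AllowOrigin      string
	AllowCredentials string
	CredentialedRead bool // the probing origin was granted AND credentials are allowed
}

// ProbeCORS sends a cookie-bearing request carrying the given Origin and reports
// whether a page at that origin could read the response from a browser.
func ProbeCORS(h http.Handler, origin string) CORSProbe {
	req := httptest.NewRequest(http.MethodGet, "/api/instances", nil)
	req.Header.Set("Origin", origin)
	req.AddCookie(&http.Cookie{Name: "session", Value: "victim-session-cookie"})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	p := CORSProbe{
		AllowOrigin:      rec.Header().Get("Access-Control-Allow-Origin"),
		AllowCredentials: rec.Header().Get("Access-Control-Allow-Credentials"),
	}
	p.CredentialedRead = p.AllowOrigin == origin && p.AllowCredentials == "true"
	return p
}

func main() {
	trusted := map[string]bool{"https://qui.internal.example": true}
	attacker := "https://attacker.example"
	fmt.Printf("reflecting handler, attacker origin: %+v\n", ProbeCORS(vulnerableCORS(fakeAPI), attacker))
	fmt.Printf("allowlist handler, attacker origin:  %+v\n", ProbeCORS(allowlistCORS(trusted, fakeAPI), attacker))
	fmt.Printf("allowlist handler, trusted origin:   %+v\n", ProbeCORS(allowlistCORS(trusted, fakeAPI), "https://qui.internal.example"))
}
```

The combination to look for when reviewing any service is an Access-Control-Allow-Origin that equals the Origin you chose plus Access-Control-Allow-Credentials: true; either header alone is far less useful to an attacker. Compare the allowlist exactly (scheme, host and port), not by prefix or substring, since a suffix match lets attacker-qui.internal.example through.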