Lucene search
+L

11627 matches found

Nuclei
Nuclei
added 8 hours ago14 views

SquirrelMail Address Add 1.4.2 - Cross-Site Scripting

SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

4.3CVSS5.4AI score0.03436EPSS
Exploits2References2
Cvelist
Cvelist
added yesterday27 views

CVE-2026-16072 Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-16072

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS5.3AI score
Exploits0References3
NVD
NVD
added 2 days ago11 views

CVE-2026-15909

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kdcs leads to authorization bypass. The attack is possible to be carried out remotely. This produ...

6.5CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2 days ago14 views

CVE-2026-15909

Summary: CVE-2026-15909 affects RafyMrX TOKO-ONLINE-ROTI (up to a given commit). The vulnerability resides in an unknown function within the file lingkungan_proses/add.php? actually proses/add.php, where manipulation of the kd_cs argument leads to an authorization bypass. The issue can be exploit...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-44839

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kdcs leads to authorization bypass. The attack is possible to be carried out remotely. This produ...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-15909

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kdcs leads to authorization bypass. The attack is possible to be carried out remotely. This produ...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-57996

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44632

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-57996 phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS0.00246EPSS
Exploits0References2
OSV
OSV
added 3 days ago4 views

CVE-2026-57996 phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.7CVSS6.1AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 3 days ago7 views

CVE-2026-57996

phpMyFAQ prior to 4.1.5 contains a privilege-escalation flaw in the admin/user-add endpoint. A delegated administrator with USER_ADD/EDIT/DELETE can call POST /admin/api/user/add using isSuperAdmin: true and attacker-chosen credentials to create a SuperAdmin account, enabling full instance takeov...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-44579

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function...

9.8CVSS6.4AI score0.00785EPSS
Exploits0References4
NVD
NVD
added 4 days ago4 views

CVE-2026-38450

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function...

9.8CVSS0.00785EPSS
Exploits0References3
CVE
CVE
added 4 days ago39 views

CVE-2026-45071

CVE-2026-45071 affects the Symfony PHP framework (dom-crawler component). Before patches, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true prior to loadXML(), re-enabling external entity resolution and allowing attacker-controlled XML to resolve file:// URIs (local file disclosur...

8.7CVSS6.1AI score0.00462EPSS
Exploits0References6Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-15672

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15672 itsourcecode Electronic Judging System add_judges.php sql injection

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43622

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-38450

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function...

0.00785EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-38450

CVE-2026-38450 — Aetopia DAM v1.0.0 has a remote code execution issue exploitable via the name and description parameters of the Add/Update Project function. The provided data lists a high-severity CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and notes a remote attacker with no privilege...

9.8CVSS6.4AI score0.00785EPSS
Exploits0References3
Rows per page
Query Builder