Lucene search
K

87835 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

6.1AI score
Exploits0References2
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-43629

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS6.7AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43623

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score
Exploits0References6
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43575

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-43556

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43564

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday4 views

CVE-2026-58411

ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...

7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-62242

CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...

8.6CVSS6.2AI score
Exploits0References5
NVD
NVD
added yesterday5 views

CVE-2026-61502

Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attacker can perform administrative actions including account creation and configuration changes leading to code execution - by causing a...

5.1CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-61501

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

6.1CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-61463

Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtai...

8.8CVSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-61503

CVE-2026-61503 – Rejetto HFS : Affects HFS 3.0.0–3.2.0. The login endpoint returns observably different responses depending on whether the username exists, enabling remote, unauthenticated actors to confirm valid accounts (including the default admin) and facilitating password guessing and sessio...

6.9CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-61502

CVE-2026-61502 affects Rejetto HFS versions 3.0.0 through 3.2.0. The root cause is that state-changing API requests can be issued via GET and are exempt from the anti-CSRF header check, enabling a remote attacker to perform administrative actions (e.g., account creation, configuration changes) an...

5.1CVSS6.4AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-61501

Rejetto HFS versions 3.0.0–3.2.0 expose a stored XSS in the admin log viewer: log entries rendered as HTML without sanitization allow a remote unauthenticated attacker to craft a username, write JavaScript to the error log, and execute code in an administrator’s browser when logs are viewed, pote...

6.1CVSS6.3AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-61500

Affected software: Rejetto HFS 3.0.0–3.2.0. Root cause: session-cookie signing key derived from the non‑cryptographic Math.random() generator; outputs disclosed to unauthenticated clients during login. Impact: remote attacker can observe login responses, reconstruct the generator state, recover t...

9.8CVSS6.5AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43282

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References7
EUVD
EUVD
added yesterday6 views

EUVD-2026-43295

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-43296

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS5.9AI score0.00242EPSS
Exploits0References7
Rows per page
Query Builder