Lucene search
K

87255 matches found

NVD
NVD
added 2026/06/08 3:16 p.m.14 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 2:1 p.m.11 views

EUVD-2026-35071

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 2:1 p.m.25 views

CVE-2026-25558

CVE-2026-25558 affects QloApps up to version 1.7.0. The issue is a stored cross-site scripting flaw in the admin file manager, permitting an authenticated administrator to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed event handlers (e.g., onload) in SVGs uploade...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 2:1 p.m.8 views

CVE-2026-25558 QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 2:1 p.m.7 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 2:1 p.m.41 views

CVE-2026-25558 QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 1:16 p.m.14 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS0.00143EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:16 p.m.6 views

UBUNTU-CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 1:16 p.m.6 views

UBUNTU-CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/08 12:55 p.m.82 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Automated Exploit - Usage Guide What This S...

9.2CVSS5.5AI score0.00612EPSS
Exploits3
NVD
NVD
added 2026/06/08 12:16 p.m.15 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/searchstaffforupdation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

6.5CVSS0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/06/08 12:16 p.m.13 views

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 12:15 p.m.21 views

CVE-2026-11513

The vulnerability CVE-2026-11513 affects itsourcecode Hospital Management System 1.0. The issue is an SQL injection in an unknown function of /adminaccount.php triggered by manipulating the Date argument. It can be exploited remotely and an exploit is public. CVSS data is provided (v3.1/3.0/2.0 v...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 12:7 p.m.10 views

EUVD-2026-35054

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:7 p.m.8 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/08 12:6 p.m.12 views

EUVD-2026-35052

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 12:6 p.m.9 views

CVE-2026-8078 Fix stored XSS in global settings change log

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 11:44 a.m.55 views

CVE-2026-11577

...

0.00329EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:44 a.m.6 views

CVE-2026-11577

Rejected reason: The reported behavior does not constitute a privilege escalation. Exploitation requires the attacker to already possess the manage-realm administrative role within the realm-management client. By design, the manage-realm role is intended to be equivalent in administrative authori...

6AI score0.00329EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 11:30 a.m.13 views

EUVD-2026-35050

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Rows per page
Query Builder