Lucene search
K

87400 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.3 views

Fortinet Fortigate Path Traversal in CLI (FG-IR-26-122)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-122 advisory. - An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS...

6.5CVSS5.9AI score0.00498EPSS
Exploits0References2
Amd
Amd
added 2026/04/14 12:0 a.m.76 views

SEV-SNP Routing Misconfiguration

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54510| A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based...

5.9CVSS5.8AI score0.00108EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.31 views

CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

0.00311EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-33235

Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...

9.1CVSS6.1AI score0.01762EPSS
Exploits0References10
NVD
NVD
added 2026/04/13 9:16 p.m.4 views

CVE-2026-32272

Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...

8.7CVSS0.00304EPSS
Exploits0References4
CVE
CVE
added 2026/04/13 8:25 p.m.12 views

CVE-2026-32272

Craft Commerce (Craft CMS) 5.0.0–5.5.4 contains an SQL injection in ProductQuery::hasVariant and VariantQuery::hasProduct that bypass the input sanitization blocklist in ElementIndexesController, re-introduced by using Craft::configure() on a subquery without sanitization. An authenticated contro...

8.7CVSS6AI score0.00304EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/13 7:41 p.m.3 views

CVE-2026-33657

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.6 views

CVE-2026-4124

The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wpajaxziggeoajax handler only verifies a nonce checkajaxreferer but performs no capability checks via currentusercan. Furthermore, the nonce 'ziggeoajaxnonce' is exposed to all...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2026/04/13 7:16 p.m.9 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS0.00304EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/04/13 6:49 p.m.182 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...

9.8CVSS6.5AI score0.88505EPSS
Exploits8
EUVD
EUVD
added 2026/04/13 6:30 p.m.3 views

EUVD-2026-22002

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/viewroom.php...

2.7CVSS5.9AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/13 6:30 p.m.4 views

EUVD-2026-21982

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/13 6:11 p.m.16 views

CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS0.00304EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:11 p.m.1 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/13 6:11 p.m.15 views

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability (CVE-2026-40043) in the runSwitchUser() action. An authenticated, low-privilege attacker can manipulate the client-controlled original_username cookie and request a switch to user ID 1, potentially obtaining session tokens or administra...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.15 views

CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS0.00109EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.2 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/13 6:10 p.m.16 views

CVE-2026-40041

CVE-2026-40041 affects Pachno 1.0.6 and describes a cross-site request forgery (CSRF) vulnerability arising from missing CSRF protections on state-changing endpoints. Attackers can craft requests that execute actions in an authenticated user context via attacker-controlled sites, targeting login,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/04/13 4:49 p.m.91 views

Stored-Cross-Site-Scripting-XSS-in-Donor-Registration-Leading-to-Admin-Session-Hijacking

Stored XSS in BloodBank Managing System — Donor Registration...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/13 4:16 p.m.5 views

CVE-2026-6184

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS0.00302EPSS
Exploits0References5
Rows per page
Query Builder