NVD
added 2026/04/06 6:16 p.m.

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

CVSS 9.1, EPSS 0.00559
Exploits: 0, References: 1
EUVD
added 2026/04/06 5:50 p.m.

EUVD-2026-19422

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

CVSS 9.1, AI score 6.2, EPSS 0.00559
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/04/06 5:40 p.m.

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS), server-side request forgery (SSRF) protection bypass, leaked or corrupted request data, and security bypass due to the use of Eclipse Jetty

Summary: Eclipse Jetty, bundled with Apache Solr and Apache ZooKeeper, is used by IBM Operations Analytics - Log Analysis for Solr's HTTP endpoints and admin UI and for ZooKeeper's AdminServer HTTP interface. CVE-2024-8184, CVE-2024-6763, CVE-2024-13009, CVE-2025-11143. Vulnerability Details: CVEID: CVE-2024-81...

CVSS 7.2, AI score 6.9, EPSS 0.01037
Exploits: 1, Affected Software: 1
RedhatCVE
added 2026/04/06 5:00 p.m.

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

CVSS 9.8, AI score 5.8, EPSS 0.00376
Exploits: 0, References: 1
Cvelist
added 2026/04/06 4:35 p.m.

CVE-2026-35029 LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment...

CVSS 8.7, EPSS 0.26409
Exploits: 2, References: 1
CVE
added 2026/04/06 4:35 p.m.

CVE-2026-35029

CVE-2026-35029 affects LiteLLM, a proxy AI Gateway. The /config/update endpoint lacks admin authorization, allowing an authenticated user to modify proxy config and environment variables, register attacker-controlled Python code handlers, achieve remote code execution, read arbitrary server files...

CVSS 8.8, AI score 6.3, EPSS 0.26409
Exploits: 2, References: 8, Affected Software: 1
NVD
added 2026/04/06 4:16 p.m.

CVE-2026-33405

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a...

CVSS 4.8, EPSS 0.00171
Exploits: 0, References: 1
NVD
added 2026/04/06 3:17 p.m.

CVE-2026-33404

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

CVSS 6.1, EPSS 0.00145
Exploits: 0, References: 1
NVD
added 2026/04/06 3:17 p.m.

CVE-2026-33406

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 6.1, EPSS 0.00254
Exploits: 1, References: 1
EUVD
added 2026/04/06 2:50 p.m.

EUVD-2026-19285

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 5.4, AI score 6, EPSS 0.00254
Exploits: 1, References: 1
CVE
added 2026/04/06 2:50 p.m.

CVE-2026-33406

Pi-hole Admin Interface (6.0 to before 6.5) contains a stored HTML attribute injection: values from /api/config are embedded into HTML value="" attributes by settings-advanced.js without escaping, enabling attribute-level manipulation. The root cause is unescaped config values, which can break out of the attribute con...

CVSS 6.1, AI score 6, EPSS 0.00254
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/04/06 2:48 p.m.

EUVD-2026-19281

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

CVSS 3.4, AI score 5.9, EPSS 0.00145
Exploits: 0, References: 1
EUVD
added 2026/04/06 12:32 p.m.

EUVD-2026-19225

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit i...

CVSS 4.8, AI score 4.4, EPSS 0.00206
Exploits: 0, References: 6
EUVD
added 2026/04/06 12:32 p.m.

EUVD-2026-19215

A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross...

CVSS 4.8, AI score 4.3, EPSS 0.00206
Exploits: 0, References: 6
RedhatCVE
added 2026/04/06 10:57 a.m.

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is used directly in a require_once path without proper sanitization. If the CSRF token check can ...

CVSS 6.5, AI score 6.1, EPSS 0.00511
Exploits: 1, References: 1
Vulnrichment
added 2026/04/06 10:45 a.m.

CVE-2026-5647 code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit i...

CVSS 4.8, AI score 4.4, EPSS 0.00206
Exploits: 0, References: 5
Cvelist
added 2026/04/06 10:45 a.m.

CVE-2026-5647 code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit i...

CVSS 4.8, EPSS 0.00206
Exploits: 0, References: 5
CVE
added 2026/04/06 10:45 a.m.

CVE-2026-5647

CVE-2026-5647 affects code-projects Online Shoe Store 1.0. The vulnerability is in the admin feature for adding products, specifically through an XSS condition triggered by manipulating the product_name parameter in /admin/admin_feature.php. The issue is exploitable remotely, and public exploit d...

CVSS 4.8, AI score 4.4, EPSS 0.00206
Exploits: 0, References: 5
NVD
added 2026/04/06 10:16 a.m.

CVE-2026-5641

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

CVSS 6.5, EPSS 0.00196
Exploits: 0, References: 5
NVD
added 2026/04/06 10:16 a.m.

CVE-2026-5643

A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross...

CVSS 4.8, EPSS 0.00206
Exploits: 0, References: 5