87137 matches found

ATTACKERKB
added 2026/04/22 11:27 p.m., 3 views

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 4.9, AI score 5.9, EPSS 0.00356
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/04/22 11:26 p.m., 5 views

CVE-2026-4918 IBM Guardium Data Protection is affected by multiple vulnerabilities

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.5, AI score 5.5, EPSS 0.00142
Exploits 0, References 1
Cvelist
added 2026/04/22 11:26 p.m., 33 views

CVE-2026-4918 IBM Guardium Data Protection is affected by multiple vulnerabilities

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.5, EPSS 0.00142
Exploits 0, References 1
ATTACKERKB
added 2026/04/22 11:26 p.m., 6 views

CVE-2026-4918

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.5, AI score 5.5, EPSS 0.00142
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/04/22 11:23 p.m., 31 views

CVE-2026-4919 IBM Guardium Data Protection is affected by multiple vulnerabilities

IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 4.8, EPSS 0.00185
Exploits 0, References 1
NVD
added 2026/04/22 10:16 p.m., 5 views

CVE-2026-41454

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

CVSS 8.7, EPSS 0.00274
Exploits 0, References 3
NVD
added 2026/04/22 10:16 p.m., 5 views

CVE-2026-41170

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVSS 8.5, EPSS 0.00238
Exploits 0, References 2
GithubExploit
added 2026/04/22 9:54 p.m., 91 views

Web-Application-Pentest-Report

Web-Application-Pentest-Report OWASP methodology penetration t...

AI score 5.8
Exploits 0
EUVD
added 2026/04/22 9:31 p.m., 7 views

EUVD-2026-22844

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...

CVSS 8.8, AI score 5.8, EPSS 0.00399
Exploits 0, References 6
EUVD
added 2026/04/22 9:31 p.m., 4 views

EUVD-2026-22860

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...

CVSS 7.2, AI score 5.7, EPSS 0.00411
Exploits 0, References 10
Vulnrichment
added 2026/04/22 9:24 p.m., 4 views

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVSS 5.5, AI score 5.8, EPSS 0.00329
Exploits 1, References 2
NVD
added 2026/04/22 9:17 p.m., 4 views

CVE-2026-40937

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only (access key + session token), without performing any...

CVSS 8.3, EPSS 0.00293
Exploits 0, References 2
NVD
added 2026/04/22 9:17 p.m., 6 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allows updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1, EPSS 0.005
Exploits 3, References 1
NVD
added 2026/04/22 9:17 p.m., 6 views

CVE-2026-33733

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

CVSS 7.2, EPSS 0.00448
Exploits 1, References 1
ATTACKERKB
added 2026/04/22 9:13 p.m., 5 views

CVE-2026-41170

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVSS 8.5, AI score 5.9, EPSS 0.00238
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/04/22 9:13 p.m., 4 views

CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVSS 8.5, AI score 5.9, EPSS 0.00238
Exploits 0, References 2
Cvelist
added 2026/04/22 9:13 p.m., 24 views

CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVSS 8.5, EPSS 0.00238
Exploits 0, References 2
CVE
added 2026/04/22 9:13 p.m., 20 views

CVE-2026-41170

Squidex -- CVE-2026-41170: Prior to 7.23.0, the RestoreController.PostRestoreJob endpoint lets an authenticated admin specify an arbitrary URL for downloading backups via the Backup HttpClient without SSRF protection. This enables internal or external network probing and access to sensitive resou...

CVSS 8.5, AI score 5.9, EPSS 0.00238
Exploits 0, References 2
CVE
added 2026/04/22 9:08 p.m., 9 views

CVE-2026-41454

CVE-2026-41454 affects WeKan

CVSS 8.7, AI score 5.8, EPSS 0.00274
Exploits 0, References 3
Cvelist
added 2026/04/22 9:08 p.m., 25 views

CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

CVSS 8.7, EPSS 0.00274
Exploits 0, References 3