7672 matches found

OSV
added 2026/04/08 11:16 p.m., 5 views

UBUNTU-CVE-2026-4332

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...

5.4 CVSS, 6.1 AI score, 0.00279 EPSS
Exploits: 0, References: 5

Debian CVE
added 2026/04/08 10:25 p.m., 2 views

CVE-2026-4332

Removed by vendor...

5.4 CVSS, 5.8 AI score, 0.00279 EPSS
Exploits: 0

Cvelist
added 2026/04/08 10:25 p.m., 20 views

CVE-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...

5.4 CVSS, 0.00279 EPSS
Exploits: 0, References: 3

CVE
added 2026/04/08 10:25 p.m., 35 views

CVE-2026-4332

GitLab Enterprise Edition is affected by CVE-2026-4332 in customizable analytics dashboards where an authenticated user could inject and execute arbitrary JavaScript in other users’ browsers due to improper input sanitization. Affected ranges are GitLab EE versions: 18.2 up to but not including 1...

5.4 CVSS, 6.1 AI score, 0.00279 EPSS
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/04/08 10:25 p.m., 3 views

CVE-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...

5.4 CVSS, 6.1 AI score, 0.00279 EPSS
Exploits: 0, References: 3

NVD
added 2026/04/08 12:16 a.m., 6 views

CVE-2026-2263

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3 CVSS, 0.00375 EPSS
Exploits: 0, References: 5

FreeBSD
added 2026/04/08 12:0 a.m., 9 views

Gitlab -- vulnerabilities

Gitlab reports: Exposed Method issue in websocket connections impacts GitLab CE/EE Denial of Service issue in Terraform state lock API impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in CSV import impacts GitLab CE/EE Denial of Service issu...

8.5 CVSS, 5.9 AI score, 0.00577 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/04/08 12:0 a.m., 8 views

WordPress plugin Hustle security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3 CVSS, 5.8 AI score, 0.00375 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/04/07 11:25 p.m., 22 views

CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3 CVSS, 0.00375 EPSS
Exploits: 0, References: 5

OSV
added 2026/04/07 8:44 a.m., 8 views

BIT-DISCOURSE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were not authorized to view. Insufficient access control...

5.1 CVSS, 5.7 AI score, 0.00188 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/07 12:0 a.m., 4 views

PT-2026-31048

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle module converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3 CVSS, 5.9 AI score, 0.00375 EPSS
Exploits: 0, References: 6

Imperva Blog
added 2026/04/06 10:29 p.m., 7 views

Why AI Bot Protection and Control Are Essential for Application Security

AI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application...

5.5 AI score
Exploits: 0

IBM Security Bulletins
added 2026/04/06 6:21 p.m., 4 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Information Disclosure, Buffer Overflow and Denial of Service (DoS) due to Java JSON library ('Jackson')

Summary Jackson is used in Apache Solr, Apache ZooKeeper, and Logstash by IBM Operations Analytics - Log Analysis as part of parsing, generating, or serialising JSON data as part of their request handling, configuration processing, or structured logging workflows. CVE-2025-49128, CVE-2025-52999,...

8.7 CVSS, 6.8 AI score, 0.00634 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/06 5:55 p.m., 13 views

Security Bulletin: Due to use of Netty, IBM Operations Analytics - Log Analysis is affected by denial of service, information disclosure, and HTTP request smuggling

Summary Netty in Apache ZooKeeper and Logstash is used by IBM Operations Analytics - Log Analysis as part of the client/server network transport layer, and network-related plugins for protocol and event transport. CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2019-20444, CVE-2024-47535,...

9.1 CVSS, 6.8 AI score, 0.08914 EPSS
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2026/04/06 2:33 p.m., 7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI

Summary Apache POI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of extracting text and metadata from document files. CVE‑2022‑26336, CVE‑2025‑31672 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue...

5.5 CVSS, 6.5 AI score, 0.0152 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/06 1:27 p.m., 6 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by insufficiently privileged clients to execute snapshot and restore commands due to Apache Zookeeper

Summary Apache Zookeeper in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the coordination and configuration management backbone for SolrCloud. CVE-2025-58457. Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer le...

4.3 CVSS, 7 AI score, 0.00294 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/03 4:3 p.m., 4 views

Security Bulletin: Due to use of Apache Commons Lang, IBM Operations Analytics - Log Analysis is affected by Uncontrolled Recursion Vulnerability

Summary Apache Commons Lang in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the core utility such as string manipulation, object utilities, and class utilities. CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...

5.3 CVSS, 5.8 AI score, 0.02164 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/03 3:55 p.m., 7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

Summary IBM Operations Analytics – Log Analysis is affected by weaknesses in its Backend Authentication and Session Management module—used as part of its login mechanism—which exposes the product to improper authentication risks, including weak password policy enforcement and insufficient account...

9.8 CVSS, 5.9 AI score, 0.0036 EPSS
Exploits: 0, Affected Software: 1

Microsoft Secure
added 2026/04/02 3:37 p.m., 7 views

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

In this article 1. Cookie-controlled execution behavior 2. Observed variants of cookie-controlled PHP web shells 3. Mitigation and protection guidance 4. Microsoft Defender XDR detections 5. Microsoft Security Copilot prompts 6. Microsoft Defender XDR threat analytics 7. MITRE ATT&CK™ Techniques...

6.7 AI score
Exploits: 0

Packet Storm News
added 2026/04/02 12:0 a.m., 8 views

WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

6 AI score
Exploits: 0