Lucene search
K

3153 matches found

Nuclei
Nuclei
added yesterday59 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1CVSS6.4AI score0.09044EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday23 views

ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 subTab or 2 tab parameter to createAnomaly.do; 3 url, 4 subTab, or 5 tab parameter to mindex.do; 6 tab parameter to index2.do; or 7 port...

4.3CVSS6.2AI score0.07718EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.97.0-1.1.hum1 aarch64, x8664 clippy-1.97.0-1.1.hum1 aarch64, x8664 rust-1.97.0-1.1.hum1 aarch64, x8664 rust-analyzer-1.97.0-1.1.hum1 aarch64, x8664...

7.5CVSS6.6AI score0.00374EPSS
Exploits3References10
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43080

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

6.1AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-15085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15085 AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

0.00254EPSS
Exploits0References1
NVD
NVD
added 5 days ago11 views

CVE-2026-60108

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS0.00436EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-60109

Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...

8.7CVSS0.00502EPSS
Exploits0References3
CVE
CVE
added 5 days ago13 views

CVE-2026-60108

Zeek prior to 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer. An unauthenticated remote attacker can trigger a DoS by initiating an FTP control session that negotiates AUTH GSSAPI, then sends a large ADAT control line. The NVT_Analyzer does not enforce a maxim...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42597

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56665

Name of the Vulnerable Software and Affected Versions Drupal AI SEO/GEO Analyzer versions 0.0.0 through 1.1.3 Description Stored Cross-site Scripting XSS occurs when the module generates SEO/GEO analysis reports by sending entity content, including comments, to a Large Language Model LLM. The...

6.1AI score0.00254EPSS
Exploits0References3
Nuclei
Nuclei
added last week37 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

6.1CVSS6.1AI score0.98463EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

SolarWinds Database Performance Analyzer < 2026.2 Stored XSS (CVE-2026-28322)

According to its self-reported version, the SolarWinds Database Performance Analyzer DPA installation on the remote host is prior to 2026.2. It is, therefore, affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. Note that Nessus h...

5.6CVSS5.8AI score0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40457

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-28322

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:15 p.m.12 views

CVE-2026-28322

CVE-2026-28322 affects SolarWinds Database Performance Analyzer (DPA). The stored cross-site scripting vulnerability can enable unintended script execution, with the public metrics indicating high impact to confidentiality and integrity, and a medium overall severity (CVSS 3.1: AV=Adjacent, AC=Hi...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:15 p.m.40 views

CVE-2026-28322 SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54014

Name of the Vulnerable Software and Affected Versions SolarWinds Database Performance Analyzer affected versions not specified Description A stored cross-site scripting issue exists that allows for the execution of unintended scripts. Recommendations At the moment, there is no information about a...

5.6CVSS5.9AI score0.00222EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 4:30 p.m.5 views

EUVD-2026-38996

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...

5.7AI score0.00117EPSS
Exploits0References8
Rows per page
Query Builder