Lucene search

215131 matches found

CVE
added yesterday | 5 views

CVE-2026-58447

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...

7.1 CVSS | 5.9 AI score
Exploits: 0 | References: 4
EUVD
added yesterday | 3 views

EUVD-2025-210381

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7 CVSS | 5.8 AI score
Exploits: 0 | References: 1
EUVD
added yesterday | 3 views

EUVD-2025-210379

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
EUVD
added yesterday | 4 views

EUVD-2025-210377

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

4.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added yesterday | 8 views

CVE-2026-58373

CVAT before version 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that lets authenticated attackers enumerate quality report identifiers across organizations by exploiting a missing check_object_permissions on the parent_id parameter of the quality r...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 4
EUVD
added yesterday | 5 views

EUVD-2026-40292

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated...

9.3 CVSS | 6.2 AI score
Exploits: 0 | References: 1
NVD
added yesterday | 6 views

CVE-2025-24816

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...

6.5 CVSS | 0.00177 EPSS
Exploits: 0 | References: 1
Cvelist
added yesterday | 11 views

CVE-2025-24816 An Improper Access Control vulnerability in Nokia MantaRay NM

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...

0.00177 EPSS
Exploits: 0 | References: 1
Cvelist
added yesterday | 5 views

CVE-2025-24815 An unrestricted file upload vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

0.00177 EPSS
Exploits: 0 | References: 1
CVE
added yesterday | 5 views

CVE-2025-24815

CVE-2025-24815 affects Nokia MantaRay NM and describes an unrestricted file upload vulnerability caused by insufficient file type validation. The issue could allow an authenticated attacker to upload malicious files onto the system. No remediation details are provided in the supplied documents.

7.8 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 1
EUVD
added yesterday | 5 views

EUVD-2025-210369

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

7.8 CVSS | 5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 1
NVD
added yesterday | 8 views

CVE-2026-8944

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3 CVSS | 0.00102 EPSS
Exploits: 0 | References: 2
Nuclei
added yesterday | 19 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. id: CVE-2021-40971 info: name: Spotweb <= 1.5.1 - Cross Site Scripting author: theamanrawat...

6.1 CVSS | 6.6 AI score | 0.02204 EPSS
Exploits: 1 | References: 4
Nuclei
added yesterday | 29 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb <= 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1 CVSS | 6.6 AI score | 0.02204 EPSS
Exploits: 1 | References: 4
Nuclei
added yesterday | 123 views

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly performs an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

4.9 CVSS | 5.8 AI score | 0.28802 EPSS
Exploits: 1 | References: 2
Nuclei
added yesterday | 17 views

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

7.5 CVSS | 7.1 AI score | 0.03096 EPSS
Exploits: 1 | References: 2
Nuclei
added yesterday | 22 views

Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter. id: CVE-2021-40969 info: name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) author: theamanrawat...

6.1 CVSS | 6.6 AI score | 0.02204 EPSS
Exploits: 1 | References: 4
Nuclei
added yesterday | 34 views

phpShowtime 2.0 - Directory Traversal

A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo severity: medium description: A...

5 CVSS | 6 AI score | 0.11059 EPSS
Exploits: 1 | References: 5
Nuclei
added yesterday | 35 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb <= 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1 CVSS | 6.6 AI score | 0.02214 EPSS
Exploits: 1 | References: 4
Nuclei
added yesterday | 22 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket < 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...

6.1 CVSS | 6.6 AI score | 0.02073 EPSS
Exploits: 1 | References: 2