Lucene search
+L

38720 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45268

IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

5.3CVSS5.3AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2024-23575

HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...

5.3CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2024-23566

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2024-23575

HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...

5.3CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2024-23566

CVE-2024-23566 : Affects HCL Aftermarket EPC. The login/authentication mechanism is vulnerable due to lack of captcha, enabling brute-force and automated login attempts that could lead to account enumeration. CVSS 3.1 base score 6.5 (Medium): Network access, low impact to confidentiality/ integri...

6.5CVSS5.4AI score
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2024-23566

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-23566

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS5.3AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday6 views

EUVD-2024-55660

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS5.3AI score
Exploits0References1
Nuclei
Nuclei
added yesterday25 views

WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery

The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...

9.1CVSS5.5AI score0.01836EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday50 views

GPT Academic v1.3.9 - Open Redirect

An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...

6.1CVSS6AI score0.00574EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday53 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS5.7AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday82 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.3AI score0.0203EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday36 views

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS5.6AI score0.0203EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday57 views

WordPress PhastPress <1.111 - Open Redirect

WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24210 info: name: WordPress PhastPress 1.111 - Open...

6.1CVSS6.2AI score0.03066EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7.5AI score0.24141EPSS
Exploits0References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-45127

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago145 views

SAP NetWeaver Development Infrastructure - Server Side Request Forgery

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9CVSS7AI score0.67699EPSS
Exploits0References5
OSV
OSV
added 4 days ago3 views

JLSEC-2026-681 The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against...

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the...

5.5CVSS6.1AI score0.00185EPSS
Exploits0References3
CVE
CVE
added 4 days ago56 views

CVE-2026-15719

The CVE-2026-15719 entry refers to Firefox Site isolation in the DOM: Navigation component. Publicly disclosed exploit code exists, but none are documented as in-the-wild attacks in the provided sources. Affected software is Firefox; the vulnerability was fixed in Firefox 152.0.6. The Mozilla adv...

5.4CVSS6.1AI score0.00133EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score0.00287EPSS
Exploits1References6
Rows per page
Query Builder