Lucene search
K

38668 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.8 views

CVE-2022-23438

An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting XSS attack in the captive portal authenticatio...

6.1CVSS6.2AI score0.00533EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.7 views

CVE-2022-23548

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service ReDoS attacks. This issue is patched in versions 2.8.14 and...

6.5CVSS6.6AI score0.00735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services...

6.8CVSS6.6AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.8 views

CVE-2022-26115

A use of password hash with insufficient computational effort vulnerability CWE-916 in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords...

7.5CVSS7AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.6 views

CVE-2022-26950

Archer 6.x through 6.9 P2 6.9.0.2 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to t...

6.1CVSS7AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.7 views

CVE-2022-35925

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...

9.8CVSS7AI score0.01357EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.9 views

CVE-2017-18713

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.4...

6.5CVSS6.9AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.7 views

CVE-2020-24591

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0...

6.5CVSS6.9AI score0.01033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.6 views

CVE-2024-34418

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tech9logy Creators WPCS WordPress Custom Search allows Stored XSS.This issue affects WPCS WordPress Custom Search : from n/a through 1.1...

5.9CVSS5.2AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.6 views

CVE-2024-41682

A vulnerability has been identified in Location Intelligence family All versions V4.4. Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords...

6.9CVSS7.2AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.6 views

CVE-2024-41805

Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...

6.1CVSS6.2AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.17 views

CVE-2024-41795

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices is vulnerable to Cross-Site Request Forgery CSRF attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...

6.9CVSS6.8AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.7 views

CVE-2023-43650

JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code,...

8.2CVSS7.4AI score0.00505EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.10 views

CVE-2023-31412

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...

7.5CVSS6.8AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.7 views

CVE-2023-4098

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

8.8CVSS7.2AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.9 views

CVE-2023-40061

Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result...

8.8CVSS6.9AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.7 views

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7CVSS6.8AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.3 views

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7CVSS6.9AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.7 views

CVE-2021-27116

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...

7.8CVSS6.8AI score0.00432EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.12 views

CVE-2021-22640

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...

9.8CVSS7AI score0.00687EPSS
Exploits0References1
Rows per page
Query Builder