Lucene search
K

1312 matches found

NVD
NVD
added 2026/05/13 7:17 p.m.8 views

CVE-2026-0256

A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...

6.9CVSS0.0028EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.7 views

CVE-2026-41953

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.35 views

CVE-2026-40061 iControl REST and tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...

8.7CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.29 views

CVE-2026-42919 F5 BIG-IP Appliance Mode Vulnerability

A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...

7.1CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 4:26 a.m.16 views

CVE-2025-9989

CVE-2025-9989 – Broadstreet WordPress plugin : The vulnerability affects Broadstreet plugin versions

4.4CVSS6AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 4:26 a.m.7 views

CVE-2026-7619 Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.8 views

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated...

6.9CVSS5.7AI score0.0028EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.14 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...

8.6CVSS6AI score0.01336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40806

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from authenticated server-side template injections in multiple modules. The application insecurely evaluated inputs provided by...

9.1CVSS6.2AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29808

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.9 views

EUVD-2026-29807

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29806

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.30 views

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.11 views

CVE-2026-44859

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS0.0036EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.12 views

CVE-2026-44857

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.16 views

CVE-2026-44860

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.14 views

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:50 p.m.42 views

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS0.00606EPSS
Exploits0References1
Rows per page
Query Builder