Lucene search
K

12755 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained a path traversal vulnerability. This vulnerability stemmed from an issue with bypassing workspace boundaries, which could allow authentication attackers t...

7.7CVSS5.4AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Hermes Web UI 操作系统命令注入漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.311 contained a vulnerability related to operating system command injection. This vulnerability stemmed from a problem with remote code execution, which could allow...

8.8CVSS6.3AI score0.00945EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

WordPress plugin Global Body Mass Index Calculator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Skilja Vinna Process Monitor 跨站脚本漏洞

Skilja Vinna Process Monitor is a business process monitoring platform developed by Skilja Corporation. The Skilja Vinna Process Monitor 4.0 Service Pack 1 version contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting flaw, which could...

9.3CVSS5.1AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

WordPress plugin RomanCart Ecommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48166

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

5.5AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.16 views

CVE-2026-36723

CVE-2026-36723 affects bookcars v8.3. An unrestricted file rename vulnerability in the /api/create-user component allows authenticated attackers to exploit directory traversal to move files from temporary storage to arbitrary locations on the server filesystem, enabling unauthorized access to sen...

8.8CVSS6.5AI score0.00998EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

SAP NetWeaver Application Server ABAP 数据伪造问题漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a vulnerability in SAP NetWeaver Application Server ABAP, which allows authenticated attackers to obtain valid signed message...

9.9CVSS5.3AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 8:17 p.m.13 views

CVE-2026-49141

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...

7.1CVSS0.00216EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 7:29 p.m.11 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 7:29 p.m.44 views

CVE-2026-35058

Summary of CVE-2026-35058 / CVE-2026-40215 (OpenVPN) OpenVPN versions affected: 2.6.0–2.6.19 and 2.7_alpha1–2.7.1. The issue in tls-crypt-v2 key extraction stems from improper validation of packet length, which can trigger a fatal assertion and cause a denial of service when processing a speciall...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 4:16 p.m.11 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 12:51 p.m.13 views

GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

6.3CVSS5.6AI score0.00172EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/08 12:51 p.m.9 views

GHSA-HW9R-6M78-W6H3 GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

6.3CVSS5.6AI score0.00172EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 2:16 a.m.12 views

CVE-2021-47982

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 2:16 a.m.12 views

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 1:55 a.m.48 views

CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 1:55 a.m.11 views

EUVD-2021-34850

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:55 a.m.9 views

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/08 1:55 a.m.12 views

EUVD-2021-34849

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder