Lucene search
K

13 matches found

CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Trilium Notes 跨站脚本漏洞

Trilium Notes is a hierarchical note application developed by Zadam, a personal developer. It focuses on building large-scale personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from deficiencies such as...

6.8CVSS6.3AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 9:16 p.m.13 views

CVE-2026-39250

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

7.3CVSS0.00248EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 12:0 a.m.10 views

EUVD-2026-30979

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

5.8AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.31 views

CVE-2026-39250

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

0.00248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.11 views

CVE-2026-39250

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

5.8AI score0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:0 a.m.15 views

CVE-2026-39250

CVE-2026-39250 affects Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, enabling potentially dangerous operations. The NVD entry cites a CVSSv3.1 base score of 7.3 (HIGH) with network vector, low confidentiality/integrity/availabilit...

7.3CVSS5.8AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-42008

Name of the Vulnerable Software and Affected Versions Innoshop version 0.6.0 Description An authorization issue allows an attacker who has logged into the frontend to directly access backend application interfaces, which can lead to the execution of dangerous operations. Recommendations At the...

7.3CVSS5.9AI score0.00248EPSS
Exploits0References5
NVD
NVD
added 2026/01/30 5:16 p.m.4 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS0.00311EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/30 4:16 p.m.5 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/25 5:36 p.m.3 views

CVE-2025-13483 Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)

SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

8.8CVSS6.6AI score0.00306EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 5:36 p.m.4 views

EUVD-2025-199621

SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

8.8CVSS6.5AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48047

SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

8.8CVSS7AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2022/06/20 8:25 p.m.8 views

MAL-2022-140 Malicious code in @boosted-bounty/backend-interfaces (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e321f53166b07d10de6128dd2b775925a44c6ee21a7bdfb796c7183c02603521 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder