Lucene search
K

6066 matches found

Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-20298 Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS
Exploits0References1
CVE
CVE
added 10 hours ago8 views

CVE-2026-57833

The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...

8.6CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 14 hours ago63 views

JSONPath Plus < 10.3.0 - Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8CVSS7.2AI score0.10224EPSS
Exploits8References5
CVE
CVE
added yesterday5 views

CVE-2025-11698

The CVE-2025-11698 vulnerability affects 5380/5480/5580 controllers with boot firmware versions below 1.072. It enables a denial-of-service by allowing a malicious actor to write invalid file data to the controller, potentially causing a major non-recoverable fault (MNRF). The documents do not pr...

9.2CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday81 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.9AI score0.142EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added yesterday2 views

Microsoft PC Manager < 3.22.1.0 Elevation of Privilege (CVE-2026-50438) (July 2026)

The Windows 'Microsoft PC Manager' app installed on the remote host is prior to 3.22.1.0. It is, therefore, affected by an elevation of privilege vulnerability: - A local privilege escalation vulnerability allows an authenticated attacker to escalate privileges beyond the vulnerable component's...

8.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
CVE
CVE
added 4 days ago29 views

CVE-2026-57827

The CVE-2026-57827 entry concerns the Joomla extension RSFiles (RSFiles component) from rsjoomla.com, affected versions prior to 1.17.12. The vulnerability is an unauthenticated arbitrary file upload that can upload executable files, enabling full remote code execution (RCE). The connected record...

10CVSS6.1AI score0.00287EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 4 days ago10 views

CVE-2026-57827 Joomla Extension - rsjoomla.com - Unauthenticated file upload in RSFiles component < 1.17.12

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6.1AI score0.00287EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00256EPSS
Exploits1References2
NVD
NVD
added 6 days ago7 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 6 days ago11 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score0.00836EPSS
Exploits5References2
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00836EPSS
Exploits5References2
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.7 views

CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00172EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.3 views

CVE-2026-48618 affecting package nodejs for versions less than 24.17.0-1

CVE-2026-48618 affecting package nodejs for versions less than 24.17.0-1. An upgraded version of the package is available that resolves this issue...

7.7CVSS7AI score0.00674EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

7.1CVSS6.1AI score0.0018EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00172EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00184EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00176EPSS
Exploits0
Rows per page
Query Builder