Lucene search
K

1625 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-48760

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs...

6.1CVSS0.00412EPSS
Exploits0References5
NVD
NVD
added 2 days ago4 views

CVE-2026-58647

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS0.00538EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-58647

CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...

8CVSS6.1AI score0.00538EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2 days ago3 views

Microsoft PowerBI Report Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS6.1AI score0.00538EPSS
Exploits0
Nuclei
Nuclei
added 2 days ago144 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS6.4AI score0.37099EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-58285

Name of the Vulnerable Software and Affected Versions Power BI Report Server versions prior to 15.0.1121.120 Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a technique where malicious scripts are injected into trusted websites. This allo...

8CVSS6AI score0.00538EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/04 12:51 a.m.8 views

[SECURITY] Fedora 44 Update: leptonica-1.87.0-4.fc44

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

9.8CVSS6.8AI score0.01735EPSS
Exploits0
NVD
NVD
added 2026/06/09 1:16 a.m.13 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS0.00109EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.14 views

BadBone: Backdoor Attacks against Backbone Models in Visual Prompt Learning

Prompt learning is a new machine learning paradigm that has attracted ample attention due to its simplicity and proven efficacy. Despite its growing adoption, the security vulnerabilities associated with this paradigm remain underexplored. In this work, we take the first step to propose BadBone, ...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/12 3:31 a.m.11 views

EUVD-2026-29369

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:19 a.m.5 views

CVE-2026-0502

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

SAP BusinessObjects Business Intelligence Platform 跨站请求伪造漏洞

The SAP BusinessObjects Business Intelligence Platform is a comprehensive business analytics platform developed by the German company SAP. This platform integrates market-leading SAP data integration products, data management products, and business intelligence BI solutions. It eliminates...

5.4CVSS5.7AI score0.00121EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 4:13 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.1.3 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific...

9CVSS7.4AI score0.01815EPSS
Exploits12Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 12:8 a.m.3 views

CVE-2026-27683 Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

4.1CVSS5.8AI score0.00185EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.6 views

Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning

Large language models LLMs possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models LRMs, which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/18 12:0 a.m.5 views

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...

5.7AI score
Exploits0
Kaspersky
Kaspersky
added 2026/03/12 12:0 a.m.7 views

KLA90939 OSI vulnerability in Microsoft SQL Server

An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-26133 high Solution Install necessary...

7.1CVSS5.8AI score0.00433EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/11 5:12 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.0 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...

8.7CVSS5.2AI score0.00705EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Hitachi Energy RTU500 Product Incomplete List of Disallowed Inputs (CVE-2026-1773)

IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of...

8.7CVSS5.2AI score0.00411EPSS
Exploits0References3
NVD
NVD
added 2026/02/24 2:16 p.m.6 views

CVE-2026-1773

IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates...

8.7CVSS0.00411EPSS
Exploits0References1
Rows per page
Query Builder