Lucene search
K

20146 matches found

Nuclei
Nuclei
added 10 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago1017 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References5
OSV
OSV
added yesterday19 views

ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.0048EPSS
Exploits2
OSV
OSV
added yesterday9 views

ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00617EPSS
Exploits1
OSV
OSV
added yesterday12 views

ROOT-APP-PYPI-CVE-2025-54121 CVE-2025-54121 in rootio-starlette - Patched by Root

Root has patched CVE-2025-54121 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.5AI score0.0053EPSS
Exploits0
CVE
CVE
added yesterday9 views

CVE-2026-15546

The CVE-2026-15546 entry describes a remote OS command injection in Shibby Tomato up to 1.28.0000. Affected component: start_jffs2, function sub_2D568. Exploitation involves manipulating the argument jffs2_exec; exploit is public and may be used for attacks. CVSS data indicate network access with...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
OSV
OSV
added yesterday6 views

ROOT-OS-DEBIAN-12-CVE-2026-41080 CVE-2026-41080 in rootio-expat - Patched by Root

Root has patched CVE-2026-41080 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...

3.7CVSS5.4AI score0.00379EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-OS-DEBIAN-12-CVE-2024-28757 CVE-2024-28757 in rootio-expat - Patched by Root

Root has patched CVE-2024-28757 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...

7.5CVSS8AI score0.02006EPSS
Exploits1
OSV
OSV
added yesterday8 views

ROOT-OS-DEBIAN-12-CVE-2026-32776 CVE-2026-32776 in rootio-expat - Patched by Root

Root has patched CVE-2026-32776 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS5.5AI score0.00144EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in another-poc-by-tipsen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1bd73ac39644da27df81fcbc6540647d0f13d77419a07997a8ca0a2baa6164e package.json declares a dependency safe-chain-test sourced from a tarball URL on an anonymous Cloudflare tunnel host...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday11 views

ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root

Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...

7.4CVSS8AI score0.05213EPSS
Exploits1
Nuclei
Nuclei
added yesterday22 views

XWiki Platform - SQL Injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

9.8CVSS7.1AI score0.8541EPSS
Exploits6References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-55475 Snipe-IT: Import created_by can be overwritten

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS0.00195EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-55475

Snipe-IT prior to version 8.6.1 is vulnerable via the Importer API endpoint where a user with CSV import capabilities and a valid API key can overwrite the created_by value of an import file, enabling unauthorized modification of import ownership metadata. The issue is fixed in version 8.6.1. Thi...

5.7CVSS6.1AI score0.00195EPSS
Exploits0References4Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-61461

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the searchbyfulltext method without escaping or parameterization. Attackers can inject malicious SQL throu...

8.8CVSS0.00357EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-55476 Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...

5.3CVSS0.002EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-55476

Snipe-IT (asset/license management) prior to v8.6.0 is vulnerable: POST /account/request/{itemType}/{itemId}/{cancel_by_admin}/{requestingUser} accepts cancel_by_admin as a URL path segment, enabling an authenticated user to silently cancel another user’s pending asset requests. Affects versions ...

5.3CVSS6.1AI score0.002EPSS
Exploits0References4Affected Software1
NVD
NVD
added 4 days ago6 views

CVE-2026-56666

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 4 days ago17 views

CVE-2026-61461

Summary: CVE-2026-61461 affects Dify before 1.16.0-rc1, where the MyScale vector store backend is vulnerable to SQL injection via the search_by_full_text method due to unsanitized, unparameterized search parameters. This can allow an attacker to read, modify, or delete data in the underlying Clic...

8.8CVSS6.3AI score0.00357EPSS
Exploits0References5
OSV
OSV
added 4 days ago4 views

ROOT-OS-DEBIAN-13-CVE-2026-1965 CVE-2026-1965 in rootio-curl - Patched by Root

Root has patched CVE-2026-1965 in the rootio-curl package for Root:Debian:13. Multiple fixed versions available...

6.5CVSS5.9AI score0.00259EPSS
Exploits0
Rows per page
Query Builder