Lucene search
K

266 matches found

NVD
NVD
added 2026/03/11 9:16 p.m.6 views

CVE-2026-32121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS0.00191EPSS
Exploits1References1
NVD
NVD
added 2026/03/11 6:16 p.m.6 views

CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

7.5CVSS0.00453EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24376

Name of the Vulnerable Software and Affected Versions Microsoft Authenticator affected versions not specified Description A condition exists where an unauthorized attacker can disclose information locally. The issue relates to Cwe not being in rca categories. Recommendations At the moment, there ...

5.5CVSS5.6AI score0.00603EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/02/21 8:5 a.m.22 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS0.0048EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/02/21 8:5 a.m.5 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.0048EPSS
Exploits2References4
CVE
CVE
added 2026/02/21 8:5 a.m.73 views

CVE-2026-27470

ZoneMinder (versions 1.36.37 and earlier; 1.37.61–1.38.0) contains a second‑order SQL Injection in web/ajax/status.php:getNearEvents(). Although event fields Name and Cause are stored via parameterized queries, they are concatenated into SQL WHERE clauses without escaping, allowing an authenticat...

8.8CVSS6.4AI score0.0048EPSS
Exploits2References4Affected Software1
Akamai Blog
Akamai Blog
added 2026/02/20 3:0 p.m.11 views

Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513

Read how PatchDiff-AI uncovered the root cause of CVE-2026-21513 — an actively exploited MSHTML vulnerability — and how APT28 leveraged it in real-world attacks...

8.8CVSS5.5AI score0.15384EPSS
Exploits0
OSV
OSV
added 2026/02/20 8:43 a.m.7 views

BIT-JENKINS-2026-27099

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

8CVSS5.1AI score0.00505EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 3:31 p.m.2 views

GHSA-85H6-5M3V-GX37 Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

8CVSS7.2AI score0.00505EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.8 views

Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

8CVSS5.1AI score0.00505EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/02/18 3:31 p.m.9 views

Cross-site Scripting (XSS)

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the UserCause function. An attacker can execute arbitrary JavaScript code in the context of other users by providing crafted input in the...

8.6CVSS5.8AI score0.00505EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/18 2:17 p.m.5 views

CVE-2026-27099

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

5.1AI score0.00505EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Vulnerabilities existed in Jenkins versions 2.483 to 2.550, as well as in LTS versions 2.492.1 to...

8CVSS7.3AI score0.00505EPSS
Exploits0References2
Wiz blog
Wiz blog
added 2026/02/16 9:19 p.m.6 views

From Detection to Remediation: It’s Time to Rethink AppSec Around Exploitability and Root Cause Fixes

Learn how Wiz is fundamentally changing AppSec by using the Security Graph to connect validated runtime vulnerabilities directly back to source code. Stop chasing alerts and fix what’s truly exploitable...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/01 9:53 p.m.212 views

Exploit for CVE-2025-12197

Security Research This repository contains my security resea...

7.5CVSS5.9AI score0.16727EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2026/01/14 2:0 p.m.9 views

Reducing Cloud Chaos: Rapid7 Partners with ARMO to Deliver Cloud Runtime Security

Rapid7 has partnered with ARMO, a leader in cloud infrastructure and application security based on runtime data, to offer Cloud Runtime Security. The new offering, currently in beta, extends our vulnerability and exposure management solution, Exposure Command, into the moment where cloud risk...

7.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.11 views

CVE-2020-7465

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service memory corruption...

9.8CVSS8.1AI score0.02947EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/19 12:41 a.m.9 views

CVE-2025-65566

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead ...

7.5CVSS6.7AI score0.00285EPSS
Exploits1References1
NVD
NVD
added 2025/12/18 8:16 p.m.4 views

CVE-2025-65566

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead ...

7.5CVSS0.00285EPSS
Exploits1References1
OSV
OSV
added 2025/12/18 8:16 p.m.3 views

CVE-2025-65566

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead ...

7.5CVSS5.8AI score0.00285EPSS
Exploits1References1
Rows per page
Query Builder