Lucene search
+L

33676 matches found

Nuclei
Nuclei
added 3 days ago55 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6.1AI score0.73635EPSS
Exploits11References5
NVD
NVD
added 4 days ago5 views

CVE-2026-59258

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS0.00315EPSS
Exploits0References5
CVE
CVE
added 4 days ago7 views

CVE-2026-59258

CVE-2026-59258 affects Immich before 3.0.3. A broken access control on PUT /albums/:id/user/:userId lets shared album editors modify member roles, enabling an editor to demote the owner to editor and promote themselves to owner via sequential requests, yielding full control including deletion and...

8.3CVSS6.1AI score0.00315EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44750

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS6.1AI score0.0039EPSS
Exploits0References4
OSV
OSV
added 5 days ago7 views

JLSEC-2026-731 In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when...

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS6.1AI score0.00393EPSS
Exploits0References3
NVD
NVD
added 5 days ago4 views

CVE-2026-48318

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

9.9CVSS0.06957EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-48319

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.9CVSS0.00884EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-44552

ColdFusion is affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS6.1AI score0.11938EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-48327 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-48321 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed...

9.3CVSS0.00516EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-44545

ColdFusion is affected by an Improper Control of Generation of Code 'Code Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS6.5AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS0.17903EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-48262

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS0.00168EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-48345

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

8.2CVSS0.00734EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-48345

Technical details are not publicly available in the provided documents. Monitor for updates.

8.2CVSS6.5AI score0.00734EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago7 views

CVE-2026-48349

CVE-2026-48349 (Animate) is an Incorrect Authorization vulnerability (CWE-863) that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction, but depends on conditions beyond the attacker’s control. The CVSSv3.1 base score is 8.1 (HIG...

8.1CVSS6.5AI score0.00192EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago7 views

CVE-2026-48260

Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48260). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (victim visits a crafted page). CVSS v3.1: AV:N/AC:L/PR:L/UI:R...

5.4CVSS6.1AI score0.00168EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 5 days ago5 views

CVE-2026-48355 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS6.1AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-48253

CVE-2026-48253 affects Adobe Experience Manager and describes a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could cause malicious JavaScript to execute in the victim’s browser by manipulating the DOM; exploitation requires user interaction (the victim visits a crafted page). T...

5.4CVSS6.1AI score0.00168EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago4 views

CVE-2026-47767

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsing on empty$GET, but parsestr and the web SAPI can disagree, allowing a crafted query string to...

9.8CVSS0.00386EPSS
Exploits0References6
Rows per page
Query Builder