Lucene search
K

2641 matches found

Nuclei
Nuclei
added yesterday139 views

ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1CVSS6.4AI score0.01089EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday7 views

WordPress 1 Click Migration Plugin < 2.3 - Information Exposure

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.9CVSS6.7AI score0.01575EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56922

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.6.17 Roundcube Webmail versions prior to 1.7.2 Description Stored Cross-Site Scripting XSS occurs via a crafted plain-text email message. This allows attacker-controlled JavaScript to execute within the...

7.2CVSS6.2AI score
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 1:0 p.m.37 views

CVE-2026-13569 weng-xianhu EyouCMS API index.php sql injection

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/29 1:0 p.m.8 views

EUVD-2026-40089

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 12:22 p.m.5 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...

7.2CVSS6AI score0.0081EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5702 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering in github.com/siyuan-note/siyuan/kernel

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering in github.com/siyuan-note/siyuan/kernel...

8.7CVSS5.8AI score0.00306EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 5:36 p.m.44 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 2:35 p.m.2 views

OPENSUSE-SU-2026:21017-1 Security update for python-click

This update for python-click fixes the following issue - CVE-2026-7246: Arbitrary command execution via command injection in click.edit bsc1263898...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References2
OSV
OSV
added 2026/06/22 2:28 p.m.3 views

SUSE-SU-2026:22254-1 Security update for python-click

This update for python-click fixes the following issue - CVE-2026-7246: Arbitrary command execution via command injection in click.edit bsc1263898...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References3
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22321-1 Security update for python-click

This update for python-click fixes the following issue - CVE-2026-7246: Arbitrary command execution via command injection in click.edit bsc1263898...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.11 views

Amazon Linux 2023 : python3-click (ALAS2023-2026-1854)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1854 advisory. Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account. CVE-2026-72...

7.2CVSS6.1AI score0.0081EPSS
Exploits1References4
OSV
OSV
added 2026/06/19 3:11 p.m.24 views

GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol

A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...

5.1CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2026/06/15 12:31 a.m.13 views

EUVD-2026-36666

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.5AI score0.0194EPSS
Exploits0References7
NVD
NVD
added 2026/06/14 11:16 p.m.15 views

CVE-2026-12187

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS0.0194EPSS
Exploits0References6
CVE
CVE
added 2026/06/14 10:0 p.m.28 views

CVE-2026-12187

CVE-2026-12187 affects GL.iNet GL‑MT3000 devices running firmware up to 4.4.5. The vulnerability is in an unknown function of the /usr/bin/one_click_upgrade component (Online Firmware Upgrade Handler) that allows remote command injection. Public disclosure and PoC details are indicated; exploitat...

9CVSS7.5AI score0.0194EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

Security Updates for Microsoft Office Products C2R (June 2026)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824, CVE-2026-45461, CVE-2026-45463,...

8.4CVSS6.8AI score0.00467EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.9 views

CVE-2026-47293

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:17 p.m.9 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS0.00529EPSS
Exploits1References17
Rows per page
Query Builder