Lucene search
K

5568 matches found

Nuclei
Nuclei
added 11 hours ago131 views

ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1CVSS6.4AI score0.01089EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42616

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS6.1AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 3 days ago8 views

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker wit...

7.1CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-41122

CVE-2026-41122 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could exploit this to cause informatio...

7.1CVSS5.9AI score0.00202EPSS
Exploits0References1Affected Software1
NVD
NVD
added 3 days ago8 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS0.00263EPSS
Exploits0References3
CVE
CVE
added 3 days ago67 views

CVE-2026-60002

Summary (CVE-2026-60002): OpenSSH

9.4CVSS6AI score0.00263EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6AI score0.00263EPSS
Exploits0
Cvelist
Cvelist
added 3 days ago110 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

7.7CVSS0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-56293

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description A use-after-free issue exists in the ssh client. This occurs when a server changes its host key during a key re-exchange, which is a process where the client and server negotiate new session keys to...

7.7CVSS6AI score0.00263EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-56420

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.1CVSS6.2AI score0.00202EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

6.5CVSS0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 11:59 a.m.10 views

EUVD-2026-40955

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

7.1CVSS5.9AI score0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:59 a.m.17 views

CVE-2026-53909

CVE-2026-53909 affects MCO where file upload validation relies solely on client-side checks, allowing an authorized low-priv attacker to upload arbitrary file types to the server. The vulnerability has been confirmed only in version 25.3.3.1, though other versions may also be affected. The docume...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2025-36327

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:17 p.m.17 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 8:17 p.m.7 views

EUVD-2025-210378

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:17 p.m.31 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 1:2 p.m.7 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5CVSS5.9AI score0.00418EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53979

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can bypass security controls and perform unauthorized actions. This occurs because security checks that should be enforced on the server are instead...

6.5CVSS6AI score0.0036EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:0 a.m.4 views

BIT-GITLAB-2026-10086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.1AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder