Lucene search
K

1760 matches found

Nuclei
Nuclei
added yesterday7 views

XWiki DeleteApplication - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...

6.5CVSS7AI score0.00463EPSS
Exploits1References2
CVE
CVE
added 4 days ago9 views

CVE-2026-11990

The CVE-2026-11990 entry affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin, specifically versions up to and including 4.4.0. The root issue is missing authorization checks for actions, allowing unauthenticated attackers to mark arbitrary pending appointments as Conf...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References12
NVD
NVD
added 5 days ago7 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

9CVSS0.00392EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS5.8AI score0.00392EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-53963 Discourse: Stored-XSS in 2FA delete confirmation modal

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS0.00392EPSS
Exploits0References9
CVE
CVE
added 5 days ago8 views

CVE-2026-53963

CVE-2026-53963 (Discourse) describes a stored XSS in the delete confirmation dialog for a malicious second-factor name on an attacker-controlled account. Affected software is Discourse (open-source discussion platform); vulnerable versions are prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. ...

9CVSS5.8AI score0.00392EPSS
Exploits0References9Affected Software1
NVD
NVD
added 6 days ago8 views

CVE-2026-54781

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54781 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
CVE
CVE
added 6 days ago17 views

CVE-2026-54781

CoreWCF (SAML token validation) does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate subjects without proper authority. Affects CoreWCF.Primitives and rel...

7.4CVSS5.9AI score0.00178EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 10:45 p.m.33 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 10:45 p.m.6 views

CVE-2026-53642

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 10:45 p.m.15 views

CVE-2026-53642

FOSSBilling versions 0.5.6–0.7.2 expose a page‑level access control flaw: when Require Email Confirmation is on, a logged‑in client with email_approved = 0 can access any /client/* page and read real account data (wallet balances, transaction history). The API enforces restrictions correctly to p...

5.3CVSS6AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 10:45 p.m.2 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS6AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:27 p.m.5 views

GHSA-HMJ5-JM8H-H9FH Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint

Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...

6.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56035

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When the Require Email Confirmation setting is enabled, a logged-in client with an unverified email address, indicated by the variable email approved = 0, can bypass page-side enforcement...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:38 p.m.4 views

CVE-2026-58579 RAGFlow < 0.26.3 - Stored Cross-Site Scripting via Agent Pipeline Node Name

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.1CVSS6.1AI score0.00182EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/07/02 6:14 p.m.11 views

Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfilesuri value for example,...

8.8CVSS6.4AI score0.02642EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2026/07/02 6:14 p.m.10 views

GHSA-M3CR-VC2J-PM27 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfilesuri value for example,...

8.1CVSS6.4AI score0.02642EPSS
Exploits0References9
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:26 p.m.5 views

EUVD-2026-39418

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References1
Rows per page
Query Builder