Lucene search
K

6133 matches found

CVE
CVE
added yesterday8 views

CVE-2026-61501

Rejetto HFS versions 3.0.0–3.2.0 expose a stored XSS in the admin log viewer: log entries rendered as HTML without sanitization allow a remote unauthenticated attacker to craft a username, write JavaScript to the error log, and execute code in an administrator’s browser when logs are viewed, pote...

6.1CVSS6.3AI score
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS6.1AI score0.00141EPSS
Exploits0References7
NVD
NVD
added 3 days ago7 views

CVE-2026-60090

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS0.0041EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43175

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS6.1AI score0.0041EPSS
Exploits0References3
CVE
CVE
added 3 days ago13 views

CVE-2026-60090

CVE-2026-60090 affects PraisonAI prior to 4.6.78, exposing a SQL/CQL injection risk via the vector dimension in the PGVector and Cassandra knowledge-store backends. The root cause is that the caller-controlled dimension value is interpolated into the generated CREATE TABLE DDL without runtime enf...

9.8CVSS6.1AI score0.0041EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42961

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

9.1CVSS6.1AI score0.00382EPSS
Exploits0References5
NVD
NVD
added 4 days ago12 views

CVE-2026-51119

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

9.1CVSS0.00382EPSS
Exploits0References4
CVE
CVE
added 4 days ago6 views

CVE-2026-51119

Invixium IXM WEB 2.3.85.25 is affected. The issue allows privilege escalation via the /SystemUsers/CreateAppUser component, as described in CVE-2026-51119, with CVSS 3.1 base score 9.1 (CRITICAL). No specific root-cause, vulnerable version ranges, exploit details, or fixes are provided beyond thi...

9.1CVSS6.1AI score0.00382EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-51119

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

0.00382EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-60120

Bagisto CVE-2026-60120 affects Bagisto before 2.4.4. It is a stored XSS via client-side template injection: an unauthenticated attacker registers a customer with malicious payload in the first or last name, causing the Create Order page to render in administrator browsers and execute arbitrary Ja...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-60120 Bagisto < 2.4.4 Stored XSS via CSTI in create.blade.php

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS0.00201EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59206

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42612

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-15186

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
CVE
CVE
added 5 days ago12 views

CVE-2026-15186

The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-9235

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References6
Snyk
Snyk
added 5 days ago3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00088EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-47828 Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00088EPSS
Exploits0References1
Rows per page
Query Builder