Lucene search
K

15 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-55668

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS
Exploits0References3
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-55668 File Browser: ScopedFs follows a dangling symlink on write, letting a scoped user create files outside their scope

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS
Exploits0References3
CVE
CVE
added 6 hours ago6 views

CVE-2026-55668

The CVE affects File Browser’s ScopedFs component prior to version 2.63.16. An authenticated user with Create and Modify permissions can trigger ScopedFs to validate the nearest existing ancestor of a dangling symlink and then follow the symlink during file creation, allowing attacker‑controlled ...

6.3CVSS6AI score
Exploits0References3
EUVD
EUVD
added 2026/06/17 8:5 p.m.10 views

EUVD-2026-37793

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS5.4AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:4 a.m.24 views

CVE-2026-40549

SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in the groupe_save create, modify, and delete endpoints. An attacker could induce an authenticated user to issue forged GET or POST requests via a malicious site. Affected version: 1.55 and below. The CVSS metrics indicate low to moder...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-2050

Malware in sbrugna...

9CVSS6.3AI score0.02957EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/04/26 4:46 a.m.34 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS5.5AI score0.00209EPSS
Exploits1References1
Snyk
Snyk
added 2025/04/21 3:31 p.m.3 views

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in Create/Modify article function via the image title sub-field in the image field. Details Cross-site scripting or X...

6.5CVSS5.2AI score0.00286EPSS
Exploits1References2
Snyk
Snyk
added 2025/04/21 3:31 p.m.1 views

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in Create/Modify article function via the image copyright sub-field in the image field. Details Cross-site scripting ...

6.1CVSS5.3AI score0.00209EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.5 views

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

6.5CVSS6.2AI score0.00286EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.6 views

PT-2025-17444 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.5 views

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from the presence of stored cross-site scripting in the image parameter of the Create/Modify article function, which could lead to the execution of arbitra...

5.4CVSS5.7AI score0.00209EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/04/21 12:0 a.m.42 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

0.00209EPSS
Exploits1References1
OSV
OSV
added 2025/04/18 6:31 p.m.3 views

GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

5.4CVSS6AI score0.00209EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.5 views

PT-2022-23701 · Veritas · Veritas Netbackup Opscenter

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup OpsCenter versions 8.x through 8.3.0.2 Veritas NetBackup OpsCenter versions 9.x through 9.0.0.1 Veritas NetBackup OpsCenter versions 9.1.x through 9.1.0.1 Veritas NetBackup OpsCenter version 10 Description: An authenticated...

9.9CVSS6.4AI score0.00832EPSS
Exploits0References3
Rows per page
Query Builder