Lucene search

11 matches found

ATTACKERKB
added 2026/05/12 8:25 p.m. | 9 views

CVE-2026-44011

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS contains an input-handling flaw in a Yii object creation path that lets any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

CVSS 8.6 | AI score 6.1 | EPSS 0.00346
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/03/10 9:16 p.m. | 4 views

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

CVSS 7.7 | EPSS 0.00218
Exploits: 0 | References: 1
CVE
added 2026/02/25 12:27 a.m. | 13 views

CVE-2026-27598

CVE-2026-27598 affects Dagu up to version 1.16.7. The issue is in the CreateNewDAG API (POST /api/v1/dags) where DAG name validation is skipped before writing to the file store, allowing an authenticated user with DAG write permissions to write arbitrary YAML files on the filesystem. Since Dagu e...

CVSS 7.1 | AI score 6 | EPSS 0.00571
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/01/06 4:15 p.m. | 7 views

CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

CVSS 6.9 | AI score 5.8 | EPSS 0.00924
Exploits: 2 | References: 9
CVE
added 2026/01/06 3:52 p.m. | 11 views

CVE-2020-36923

Affected product: Sony BRAVIA Digital Signage 1.7.8. Vulnerability: insecure direct object reference (IDOR) that bypasses authorization controls to access hidden system resources (e.g., '/#/content-creation') by manipulating client-side access restrictions. Root cause: insufficient authorization ...

CVSS 9.8 | AI score 6.5 | EPSS 0.00924
Exploits: 2 | References: 9 | Affected Software: 1
Cvelist
added 2025/10/10 12:0 a.m. | 12 views

CVE-2025-60880

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

CVSS 8.3 | EPSS 0.00388
Exploits: 1 | References: 2
Cvelist
added 2025/09/04 11:6 a.m. | 14 views

CVE-2025-41033 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

CVSS 8.7 | EPSS 0.00353
Exploits: 0 | References: 1
CNNVD
added 2025/04/16 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference risk in the SR-IOV VF creation failure path...

CVSS 5.5 | AI score 6.5 | EPSS 0.00164
Exploits: 0 | References: 3
ATTACKERKB
added 2023/12/13 9:15 p.m. | 2 views

CVE-2023-50439

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 ANSSI qualification submission, ZED! for Windows before Q.2021.2 ANSSI qualification submission, ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission, ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows...

CVSS 5.3 | AI score 6 | EPSS 0.00522
Exploits: 0 | References: 3
CNNVD
added 2023/07/22 12:0 a.m. | 4 views

Bug Finder Wedding Wonders cross-site scripting vulnerability

Bug Finder Wedding Wonders is a matchmaking and marriage platform from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder Wedding Wonders version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to...

CVSS 6.1 | AI score 4.5 | EPSS 0.00312
Exploits: 0 | References: 3
OSV
added 2022/11/29 8:15 p.m. | 2 views

CVE-2022-44279

Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/phpaction/createBrand.php...

CVSS 6.1 | AI score 5.8 | EPSS 0.00551
Exploits: 1 | References: 1