Lucene search

56100 matches found

EUVD
added yesterday, 13 views

EUVD-2026-33276

Mautic has Server-Side Template Injection SSTI in Theme Templates...

9.9 CVSS, 5.8 AI score, 0.00439 EPSS
Exploits 0, References 2

NVD
added yesterday, 6 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3 CVSS
Exploits 0, References 2

Cvelist
added yesterday, 9 views

CVE-2026-58653 PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3 CVSS
Exploits 0, References 2

CVE
added yesterday, 7 views

CVE-2026-58653

CVE-2026-58653 affects PraisonAI prior to 0.1.7, where issue creation/update does not validate that project_id matches the URL workspace. This allows an attacker to reference projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace co...

5.3 CVSS, 5.8 AI score
Exploits 0, References 2

EUVD
added yesterday, 5 views

EUVD-2026-41367

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3 CVSS, 5.8 AI score
Exploits 0, References 2

Nuclei
added yesterday, 158 views

ManageEngine OpManager - Directory Traversal

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...

9.1 CVSS, 7.5 AI score, 0.47024 EPSS
Exploits 1, References 3

Nuclei
added yesterday, 412 views

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found in Moodle, which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

6.5 CVSS, 6.9 AI score, 0.06583 EPSS
Exploits 3, References 5

Nuclei
added yesterday, 50 views

Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation

Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...

9.8 CVSS, 5.8 AI score, 0.40739 EPSS
Exploits 0, References 2

Nuclei
added yesterday, 276 views

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

4.3 CVSS, 5.8 AI score, 0.0054 EPSS
Exploits 0, References 2

Nuclei
added yesterday, 47 views

XWiki < 14.10.14 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

9.6 CVSS, 7.4 AI score, 0.05166 EPSS
Exploits 1, References 2

Nuclei
added yesterday, 27 views

Telesquare TLR-2855KS6 - Arbitrary File Creation

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...

7.5 CVSS, 7.1 AI score, 0.23945 EPSS
Exploits 4, References 3

Nuclei
added yesterday, 15 views

SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation

SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...

9.8 CVSS, 7.6 AI score, 0.83425 EPSS
Exploits 0, References 2

Nuclei
added yesterday, 13 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9 CVSS, 5.8 AI score, 0.00711 EPSS
Exploits 0, References 3

Circl
added yesterday, 3 views

CVE-2026-11578

creationtimestamp | type | source
---|---|---
2026-07-02 08:30:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnmjyq3om26
2026-07-02 20:12:45+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpotr7dht427...

2.7 CVSS, 5.8 AI score
Exploits 0, References 2

Circl
added yesterday, 4 views

CVE-2026-5821

creationtimestamp | type | source
---|---|---
2026-07-02 07:51:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnkd3ji6c2n
2026-07-02 20:13:17+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpots6j3lb2k...

8.1 CVSS, 5.8 AI score
Exploits 0, References 2

Circl
added yesterday, 3 views

CVE-2026-5051

creationtimestamp | type | source
---|---|---
2026-07-02 07:47:58+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnk5hh7a22d
2026-07-02 18:58:34+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116851914441373282...

4.4 CVSS, 5.8 AI score
Exploits 0, References 2

Circl
added yesterday, 4 views

CVE-2026-57722

creationtimestamp | type | source
---|---|---
2026-07-02 07:32:07+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnjb3klmd2d...

5.9 CVSS, 5.8 AI score
Exploits 0, References 1

Circl
added yesterday, 3 views

CVE-2026-13795

creationtimestamp | type | source
---|---|---
2026-07-02 07:18:51+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702
2026-07-02 09:20:25+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnpcqqa7m22...

6.5 CVSS, 5.7 AI score, 0.0022 EPSS
Exploits 0, References 2

Circl
added yesterday, 2 views

CVE-2026-20214

creationtimestamp | type | source
---|---|---
2026-07-02 06:25:47+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnfkhqxay2o
2026-07-02 13:50:32+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f
2026-07-02 13:55:08+00:00 | seen |...

7.5 CVSS, 5.7 AI score
Exploits 0, References 3

Circl
added yesterday, 4 views

CVE-2026-57269

creationtimestamp | type | source
---|---|---
2026-07-02 04:58:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnapbsmog2n...

8.3 CVSS, 5.8 AI score
Exploits 0, References 1