Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

781 matches found

Akamai Blog
Akamai Blogadded 2026/05/26 6:0 p.m.4 views

Introducing Password-Less Provisioning and Atomic Customization for VMs

Akamai Cloud introduces password-less provisioning and atomic customization. Align with Zero Trust by eliminating root passwords and hardening VMs at creation...

5.8AI score
Exploits0
Talos Blog
Talos Blogadded 2026/05/19 10:0 a.m.4 views

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant -- identifiable by its embedded "demo.pdb" strings -- that functions as commodity malware. This variant is likely sold or shared among multiple Chinese-speaking cybercrime groups that operate under a malware-as-a-service MaaS model for continuous...

5.9AI score
Exploits0
Fedora
Fedoraadded 2026/04/25 1:55 a.m.4 views

[SECURITY] Fedora 44 Update: qt6-qtgraphs-6.10.3-1.fc44

The Qt Graphs module enables you to visualize data in 3D as bar, scatter, and surface graphs. It's especially useful for visualizing depth maps and large quantities of rapidly changing data, such as data received from multiple sensors. The look and feel of graphs can be customized by using themes...

5.3AI score
Exploits0
CNNVD
CNNVDadded 2026/04/20 12:0 a.m.4 views

OpenMage Magento Lts(Magento) 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete blocklists used during the upload of product customization files, which...

8.8CVSS6.1AI score0.0009EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.0 views

PT-2026-33420

Name of the Vulnerable Software and Affected Versions CodeAstro Simple Attendance Management System version 1.0 Description A SQL injection allows remote unauthenticated attackers to bypass authentication. This occurs via the username parameter in the 'index.php' endpoint. Recommendations At the...

9.8CVSS5.8AI score0.00075EPSS
Exploits1References7
NVD
NVDadded 2026/04/09 6:17 p.m.1 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS0.00046EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/09 4:54 p.m.3 views

CVE-2026-39980 OpenCTI affected by RCE via notifier template

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00046EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/09 4:54 p.m.1 views

EUVD-2026-20972

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00046EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/09 12:0 a.m.0 views

PT-2026-31664

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.5 Description OpenCTI is a platform for managing cyber threat intelligence. Prior to version 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with Manage customization capability can...

9.1CVSS6AI score0.00046EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.3 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00027EPSS
Exploits1References1
CVE
CVEadded 2026/04/06 7:6 p.m.7 views

CVE-2026-35180

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35180 due to a CSRF vulnerability in the site customization endpoint (admin/customize_settings_nativeUpdate.json.php) that lacks CSRF validation and writes uploaded logo files to disk before ORM domain checks. Combined with SameSite=No...

4.3CVSS5.8AI score0.00027EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/06 7:6 p.m.1 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00027EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/06 7:6 p.m.16 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS0.00027EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/02 10:53 a.m.3 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00015EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/01 12:31 p.m.0 views

EUVD-2026-17851

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00015EPSS
Exploits0References6
NVD
NVDadded 2026/04/01 10:16 a.m.2 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS0.00015EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/01 10:0 a.m.1 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00015EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/04/01 10:0 a.m.26 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS0.00015EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/01 10:0 a.m.0 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00015EPSS
Exploits0References5
CVE
CVEadded 2026/04/01 10:0 a.m.3 views

CVE-2026-1879

CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. A manipulation of the argument uploadLogo enables unrestricted file upload, enabling remote exploitation. The exploit is public, and upgrading to version 6.1...

6.5CVSS6.2AI score0.00015EPSS
Exploits0References5
Rows per page
Query Builder