Lucene search
K

3934 matches found

Nuclei
Nuclei
added 15 hours ago63 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added 15 hours ago64 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7AI score0.08449EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago1017 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References5
Nuclei
Nuclei
added 15 hours ago79 views

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...

9.8CVSS7AI score0.06399EPSS
Exploits0References2
Fedora
Fedora
added 2026/07/02 1:12 a.m.9 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/07/01 5:18 p.m.25 views

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 12:0 a.m.5 views

CVE-2026-38891

An improper input validation in the gazeborosdiffdrive.cpp component of gazeboplugins v3.9.0 allows attackers to cause a Denial of Service DoS via supplying a crafted geometrymsgs::Twist message...

5.8AI score0.00343EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54759

Name of the Vulnerable Software and Affected Versions gazebo plugins version 3.9.0 Description Improper input validation in the gazebo ros diff drive.cpp component allows attackers to cause a Denial of Service DoS by supplying a crafted geometry msgs::Twist message. Recommendations At the moment,...

7.5CVSS6AI score0.00343EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2026-56277 Flowise - Hardcoded CORS Wildcard in TTS Endpoint

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts, independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...

6.9CVSS0.00136EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39596

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 11:23 p.m.6 views

CVE-2026-13083 Pen-drive: pen-drive: stored xss via unescaped cluster data in html report

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.7 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 11:23 p.m.18 views

CVE-2026-13083

CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....

6.9CVSS5.7AI score0.00176EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.44 views

CVE-2026-13083 Pen-drive: pen-drive: stored xss via unescaped cluster data in html report

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 8:17 p.m.10 views

CVE-2026-2299

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2CVSS0.00119EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:55 p.m.6 views

CVE-2026-2299

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2CVSS5.8AI score0.00119EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 6:55 p.m.15 views

CVE-2026-2299

CVE-2026-2299 affects the Mattermost Google Drive plugin prior to version 1.1.0. The file creation endpoint does not validate channel membership, allowing authenticated users with a connected Google account to share Google Drive files into unauthorized private channels and disclose private channe...

4.2CVSS5.8AI score0.00119EPSS
Exploits0References1
Rows per page
Query Builder