Lucene search
K

29779 matches found

Vulnrichment
Vulnrichment
added 2026/01/15 11:0 p.m.3 views

CVE-2026-1010 Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation

A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...

8CVSS5.4AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/15 11:0 p.m.3 views

CVE-2026-1010

A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...

8CVSS5.4AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/15 11:0 p.m.23 views

CVE-2026-1010 Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation

A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...

8CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/01/15 11:0 p.m.12 views

CVE-2026-1010

CVE-2026-1010 is a stored XSS vulnerability in the Altium Workflow Engine caused by missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data, and when an administrator views the affected workflow, the ...

8CVSS5.4AI score0.00303EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2026/01/15 10:0 p.m.11 views

Node.js: HashDoS in V8

Vulnerability description not provided...

5.9CVSS6.5AI score0.00283EPSS
Exploits0
OSV
OSV
added 2026/01/15 9:16 p.m.6 views

CVE-2026-21903

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 9:16 p.m.4 views

CVE-2026-21903

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...

7.1CVSS0.0036EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/15 8:20 p.m.26 views

CVE-2026-21906 Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode...

8.7CVSS0.00497EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/15 8:18 p.m.3 views

CVE-2026-21903 Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...

7.1CVSS6.5AI score0.0036EPSS
Exploits0References2
CVE
CVE
added 2026/01/15 8:18 p.m.14 views

CVE-2026-21903

CVE-2026-21903 is a stack-based buffer overflow in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS. A network-based attacker with low privileges can trigger a Denial-of-Service by subscribing to telemetry sensors at scale, which causes all FPC connections to drop, an FPC crash, an...

7.1CVSS6.5AI score0.0036EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/15 8:18 p.m.3 views

CVE-2026-21903

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...

7.1CVSS5.5AI score0.0036EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/15 8:18 p.m.4 views

EUVD-2026-2692

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...

7.1CVSS6.3AI score0.0036EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/15 5:23 p.m.8 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.4 security update

The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...

9.1CVSS7.2AI score0.99999EPSS
Exploits21References10
OSV
OSV
added 2026/01/15 5:16 p.m.5 views

CVE-2026-20047

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS6AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 5:16 p.m.4 views

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS6AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/01/15 5:16 p.m.6 views

CVE-2026-20047

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/01/15 5:16 p.m.11 views

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS0.00238EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 4:33 p.m.3 views

SUSE-SU-2026:20086-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR bsc1256340. - MFSA 2026-03 bsc1256340 CVE-2026-0877: Mitigation bypass in the DOM: Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphic...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/01/15 4:32 p.m.20 views

CVE-2026-20047 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/15 4:32 p.m.3 views

CVE-2026-20047 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS5.8AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder