Lucene search
+L

210 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 5:10 p.m.16 views

Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

5.8AI score0.00047EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48808

Name of the Vulnerable Software and Affected Versions Kolibri versions prior to 0.19.4 Description Several API endpoints accept an unvalidated baseurl parameter, allowing the server to fetch attacker-controlled URLs and reflect the response body back to the caller. This occurs because the baseurl...

5.8CVSS6.1AI score0.00047EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Fix: Use strings when defining tracepoints for DA monitors. Using DA monitor tracepoints with KASAN enabled triggers the following warning: Bug: KASAN: Global-out-of-bounds access in doTraceEventRawEventEventDaMonitor+0xd6/0x1a0...

7.1CVSS5.6AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2023-60559

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.8 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

8.2CVSS6AI score0.00315EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.10 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

7.6CVSS6AI score0.00281EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.9 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

7.1CVSS5.5AI score0.00262EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.16 views

CVE-2026-26722

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...

9.4CVSS5.6AI score0.00333EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 5:25 p.m.6 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 5:25 p.m.9 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

8.2CVSS6.1AI score0.00315EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 5:25 p.m.12 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

7.1CVSS0.00262EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 5:25 p.m.10 views

CVE-2026-26722

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...

9.4CVSS0.00333EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 5:25 p.m.7 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

8.2CVSS0.00315EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 5:25 p.m.9 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

7.6CVSS0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 5:25 p.m.3 views

CVE-2026-26722

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...

9.4CVSS5.8AI score0.00333EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 5:25 p.m.4 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

7.6CVSS6.1AI score0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/20 12:0 a.m.2 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

5.3AI score0.00262EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

6AI score0.00281EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/20 12:0 a.m.34 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

0.00315EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21252

Name of the Vulnerable Software and Affected Versions Key Systems Inc Global Facilities Management Software version 20230721a Description A Cross Site Scripting issue exists in Key Systems Inc Global Facilities Management Software version 20230721a. This allows a remote attacker to execute...

5.8AI score0.00315EPSS
Exploits1References3
Rows per page
Query Builder