Lucene search
K

2054 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43055

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 4 days ago3 views

CVE-2026-13231

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-13232

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

3.1CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-13232 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-13232

This CVE concerns Drupal Advanced Content Feedback (admin_feedback). Affected: versions 0.0.0–2.8.0. Root cause: incorrect authorization, failing to sufficiently verify authorization over the targeted feedback record during comment processing. Impact: potential access bypass/IDOR, enabling forcef...

3.1CVSS6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-13231

Summary: CVE-2026-13231 affects Drupal Advanced Content Feedback (admin_feedback). The issue is improper neutralization of input during web page generation, causing a Stored XSS vulnerability. The vulnerable component is the admin_feedback module, with affected versions 0.0.0 through 2.8.0. The r...

6.1CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-13231 Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

0.00161EPSS
Exploits0References1
Metasploit
Metasploit
added 4 days ago12 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 32-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
Metasploit
Metasploit
added 4 days ago13 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 64-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 9:10 p.m.31 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:10 p.m.3 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/06 9:10 p.m.12 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:10 p.m.7 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56024

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The application lacks authentication, rate limiting, and input validation at the 'POST /api/feedback' endpoint. This allows arbitrary content to be forwarded directly to a Discord webhook,...

6.5CVSS6AI score0.003EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13567

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 12:30 p.m.36 views

CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 12:30 p.m.15 views

CVE-2026-13567

The CVE-2026-13567 entry affects code-projects Online Music Site 1.0 in the POST Request Handler’s /Frontend/Feedback.php. An attacker can manipulate parameters fname, femail, faddress, or fmessage to trigger cross-site scripting. The issue is remote-present with a publicly released exploit (Proo...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 12:30 p.m.8 views

EUVD-2026-40082

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
Rows per page
Query Builder