Lucene search
+L

1983 matches found

cvelist
cvelist
added 2026/03/09 12:0 a.m.31 views

CVE-2025-70046

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master...

0.00359EPSS
Exploits0References3
cnvd
cnvd
added 2026/03/06 12:0 a.m.3 views

Microsoft Azure Front Door Access Control Error Vulnerability

Microsoft Azure Front Door is a cloud-based content delivery network from Microsoft Corporation in the United States. An access control error vulnerability exists in Microsoft Azure Front Door, which can be exploited by an attacker to elevate privileges...

9.8CVSS5.8AI score0.01251EPSS
Exploits0References1
osv
osv
added 2026/02/20 5:25 p.m.6 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

5.1CVSS5.8AI score0.00183EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/20 4:48 p.m.5 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS5.3AI score0.00183EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/20 4:48 p.m.27 views

CVE-2026-27504 SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS0.00183EPSS
Exploits0References2
cve
cve
added 2026/02/20 4:48 p.m.16 views

CVE-2026-27504

SVXportal

6.1CVSS5.4AI score0.00183EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/02/20 4:48 p.m.3 views

CVE-2026-27504 SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS5.4AI score0.00183EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/02/20 12:0 a.m.8 views

SVXportal 安全漏洞

SVXportal is a portal website developed by Peter as an individual developer. Versions of SVXportal 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unchecked stationid parameter in the radiomobilefront.php file, which could lead to reflection-type...

6.1CVSS5.7AI score0.00183EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.6 views

PT-2026-21273

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field,...

5.1CVSS5.4AI score0.00183EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Lizza LMS Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.7AI score0.00368EPSS
Exploits0References2
cve
cve
added 2026/02/18 9:25 a.m.15 views

CVE-2026-2126

CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/18 9:25 a.m.35 views

CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS0.00345EPSS
Exploits0References4
redhat
redhat
added 2026/02/13 7:33 a.m.6 views

python-eventlet: Eventlet HTTP request smuggling

A request smuggling flaw was found in the Eventlet PyPI library. The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability allows attackers to bypass front-end security controls, launch targeted attacks against active si...

9.1CVSS5.7AI score0.00363EPSS
Exploits0References7
fedora
fedora
added 2026/02/11 1:0 a.m.6 views

[SECURITY] Fedora 42 Update: rust-redlib-0.35.1-10.fc42

Redlib is alternative private front-end to Reddit, with its origins in Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
cnnvd
cnnvd
added 2026/02/11 12:0 a.m.8 views

dify 跨站脚本漏洞

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient validation of inputs when echarts was used in the web application chat front-end,...

6.1CVSS5.6AI score0.00246EPSS
Exploits1References3
ncsc
ncsc
added 2026/02/10 7:8 p.m.17 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...

9.8CVSS6.1AI score0.02344EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/02/10 3:3 a.m.4 views

CVE-2026-24321 Information Disclosure vulnerability in SAP Commerce Cloud

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does...

5.3CVSS5.5AI score0.00214EPSS
Exploits0References2
fedora
fedora
added 2026/02/10 1:34 a.m.7 views

[SECURITY] Fedora 43 Update: rust-redlib-0.35.1-10.fc43

Redlib is alternative private front-end to Reddit, with its origins in Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
redhatcve
redhatcve
added 2026/02/07 1:23 a.m.8 views

CVE-2026-24300

Azure Front Door Elevation of Privilege Vulnerability...

9.8CVSS5.2AI score0.01251EPSS
Exploits0References1
cve
cve
added 2026/02/06 8:47 p.m.41 views

CVE-2026-25597

Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...

5.3CVSS5.5AI score0.00269EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder