Lucene search
K

62470 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42224

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

6.1CVSS5.9AI score
Exploits0References2
NVD
NVD
added 1 hour ago3 views

CVE-2026-11903

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-11903 Stored XSS in MOVEit Transfer Ad Hoc module

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS
Exploits0References1
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-56401 Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-6371 Stored XSS in Limatek's LimRAD NAC

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

4.8CVSS
Exploits0References1
NVD
NVD
added 7 hours ago6 views

CVE-2026-57246

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added 9 hours ago7 views

CVE-2026-57248 Foxit PDF Editor/Reader Annotation Improper Release Vulnerability

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...

7.8CVSS
Exploits0References1
Nuclei
Nuclei
added 11 hours ago19 views

ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

9.8CVSS7.9AI score0.06589EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago15 views

LearnPress < 4.2.7.4 - Course Material - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...

5.3CVSS7.2AI score0.01131EPSS
Exploits0References1
Nuclei
Nuclei
added 11 hours ago58 views

Vite Dev Server - Path Traversal in Optimized Deps .map Handling

Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added yesterday5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday26 views

CVE-2025-12799 Jastow: jastow cross-site scripting attack due to unsanitized uri

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-42037

The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...

4.7CVSS6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: redhat-ds:12 security update

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 E4S for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6.2AI score0.00549EPSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-8309

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...

5.4CVSS0.00133EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-8309

The CVE-2026-8309 applies to Armiya Information Technologies Ltd. Co. Access Control System (GKS), affected before Version 2. It is a Reflected XSS caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics indicate a Medium impact (5.4) with network attack vec...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder