Lucene search
+L

446 matches found

nuclei
nuclei
added 8 hours ago31 views

WordPress heat-trackr 1.0 - Cross-Site Scripting

WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackrabtestadd.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...

6.1CVSS6.6AI score0.03415EPSS
Exploits1References4
osv
osv
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1750 openstack-heat may disclose sensitive information

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied...

5.3CVSS5.9AI score0.0039EPSS
Exploits1References7
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-437 Openstack Magnum Unsafe Credential Handling

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

9.8CVSS7.2AI score0.01867EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/06/05 7:40 p.m.13 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.6AI score0.00114EPSS
Exploits0References1
nvd
nvd
added 2026/06/01 11:16 a.m.16 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS0.00114EPSS
Exploits0References1
cve
cve
added 2026/06/01 9:17 a.m.24 views

CVE-2026-25599

CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/01 9:17 a.m.9 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/01 9:17 a.m.32 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS0.00114EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.19 views

PT-2026-45397

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References2
cve
cve
added 2026/02/17 8:2 p.m.25 views

CVE-2026-2621

CVE-2026-2621 affects Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0, specifically the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The vulnerability stems from improper handling of the PGUID argument, enabling SQL injection that can be triggered remotely. Public exp...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References4
thn
thn
added 2026/01/31 7:5 a.m.12 views

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant CHP supplying heat to almost half a million customers in...

7.2CVSS5.9AI score0.00666EPSS
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2016-0034

Malware in sbrugna...

7.5CVSS7.4AI score0.02415EPSS
Exploits0References11
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-0139

Malware in sbrugna...

4.3CVSS6.3AI score0.01466EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-0035

Malware in sbrugna...

7.5CVSS7.4AI score0.01651EPSS
Exploits0References9
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2015-0022

Malware in sbrugna...

4.3CVSS7.8AI score0.02758EPSS
Exploits1References18
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-6240

Malware in sbrugna...

4CVSS6.1AI score0.01744EPSS
Exploits2References6
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2014-0137

Malware in sbrugna...

4.3CVSS6.3AI score0.01466EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-4752

Malware in sbrugna...

10CVSS9.2AI score0.03836EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3617

Malware in sbrugna...

7.5CVSS6.4AI score0.01105EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-10001

Malware in sbrugna...

4.3CVSS4.6AI score0.01537EPSS
Exploits0References7
Rows per page
Query Builder