Lucene search
K

5908 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 3:38 p.m.1 views

CVE-2026-22154

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3,...

4.6CVSS5.2AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 3:38 p.m.10 views

CVE-2026-22154

CVE-2026-22154 affects Fortinet FortiSOAR PaaS (versions 7.3–7.6.3, with 7.4/7.5/7.6.0–7.6.3 explicitly listed) and FortiSOAR on-premise (same version ranges) where improper neutralization of input during web page generation enables an authenticated remote attacker to perform a stored XSS attack ...

5.4CVSS5.2AI score0.00221EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/14 12:0 a.m.7 views

CVE-2025-65133

CVE-2025-65133 : A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can send a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database informati...

9.8CVSS5.9AI score0.00526EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.11 views

Fortinet FortiSandbox 跨站脚本漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Versions of Fortinet...

5.4CVSS5.8AI score0.00275EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/13 12:0 a.m.11 views

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

9.8CVSS7.7AI score0.94085EPSS
In wildExploits1
NVD
NVD
added 2026/04/09 6:17 p.m.4 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

7.2CVSS0.00228EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:41 p.m.1 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2026/04/08 8:16 p.m.4 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS0.01551EPSS
Exploits3References4
CVE
CVE
added 2026/04/08 12:4 p.m.11 views

CVE-2026-5300

CVE-2026-5300 affects CoolerControl/coolercontrold prior to version 4.0.0, where unauthenticated users can view and modify potentially sensitive data via HTTP requests. The issue impacts both confidentiality and integrity (CVSS v3.1 base scores: 9.1/CRITICAL under NVD, with NETWORK attack vector ...

9.1CVSS5.9AI score0.00218EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/04 6:38 a.m.5 views

GHSA-5HR4-253G-CPX2 web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

Summary web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these contract-supplied URLs directly after sender / data template substitution without any destination validation...

7.2CVSS6AI score0.00228EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/04/03 9:51 p.m.6 views

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

Summary A Server Side Request Forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target...

5.4CVSS6.1AI score0.00246EPSS
Exploits1References5Affected Software1
SUSE Linux
SUSE Linux
added 2026/04/02 12:43 p.m.6 views

Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429. Patch Instructions: To install this SUSE...

8.2CVSS5.9AI score0.05322EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:41 p.m.3 views

CVE-2026-2862

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References2Affected Software4
NVD
NVD
added 2026/04/01 5:28 p.m.9 views

CVE-2026-20097

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS0.00549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29547

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.18 views

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.4 views

JeecgBoot 安全漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot from 3.0.0 to 3.5.3 have security vulnerabilities. These vulnerabilities stem from lax character filtering, which could allow attackers to execute arbitrary code o...

9.8CVSS6.3AI score0.00519EPSS
Exploits0References2
CVE
CVE
added 2026/03/29 5:51 p.m.18 views

CVE-2026-0560

Summary of the vulnerability (CVE-2026-0560): In parisneo/lollms

7.5CVSS7.4AI score0.01765EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/26 6:48 p.m.9 views

GHSA-PWQR-WMGM-9RR8 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Background This vulnerability is a new variant discovered during research into the "Funky Chunks" HTTP request smuggling techniques: - - The original researc...

7.5CVSS6.1AI score0.0064EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.3 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.2AI score0.00453EPSS
Exploits1References1
Rows per page
Query Builder