
107412 matches found

Positive Technologies
added 2 days ago, 7 views

PT-2026-55231

Name of the Vulnerable Software and Affected Versions: UniFi Connect Application (affected versions not specified). Description: An Improper Access Control flaw allows a malicious actor with network access to perform Command Injection on the host device. Command Injection is a security issue where an...

CVSS: 10, AI score: 6.1, EPSS: 0.00826
Exploits: 0, References: 5

CVE
added 3 days ago, 7 views

CVE-2026-54259

Wagtail (Django-based CMS) has a vulnerability in older branches where the Documents and Images chooser endpoint could show items to users who lack choose permission. Affected versions: < 7.0.8, < 7.3.3, and

CVSS: 4.3, AI score: 5.6, EPSS: 0.00162
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 3 days ago, 7 views

EUVD-2026-40130

Rancher has Privilege Escalation from Project Owner to Host...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00319
Exploits: 0, References: 4

RedHat Linux
added 3 days ago, 4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00247
Exploits: 0, References: 4

Cvelist
added 3 days ago, 35 views

CVE-2026-49091 Improper Output Neutralization for Logs in Kibana Leading to Log Injection

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

CVSS: 8, EPSS: 0.00201
Exploits: 0, References: 1

CVE
added 3 days ago, 9 views

CVE-2026-49091

CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...

CVSS: 8, AI score: 5.8, EPSS: 0.00201
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 3 days ago, 4 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

CVSS: 8.8, AI score: 6.2, EPSS: 0.0021
Exploits: 1, References: 5

NVD
added 3 days ago, 7 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVSS: 7.8, EPSS: 0.00175
Exploits: 0, References: 3

NVD
added 3 days ago, 6 views

CVE-2026-13706

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php...

EPSS: 0.00278
Exploits: 0, References: 1

CVE
added 3 days ago, 8 views

CVE-2026-58028

The CVE-2026-58028 entry describes an XSS flaw in Wikimedia Foundation MediaWiki and CentralAuth, caused by improper neutralization of input during web page generation. Affected software includes MediaWiki (pre-1.46.0, 1.45.4, 1.44.6, 1.43.9) and CentralAuth (same version bounds). The issue impli...

AI score: 5.8, EPSS: 0.0039
Exploits: 0, References: 1

ATTACKERKB
added 3 days ago, 3 views

CVE-2026-58038

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

AI score: 5.8, EPSS: 0.0024
Exploits: 0, References: 2

Cvelist
added 3 days ago, 31 views

CVE-2026-24251

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVSS: 7.8, EPSS: 0.00155
Exploits: 0, References: 3

CVE
added 3 days ago, 7 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00175
Exploits: 0, References: 3, Affected Software: 1

CVE
added 3 days ago, 9 views

CVE-2026-58032

MediaWiki vulnerability CVE-2026-58032 is an XSS in mw.Api.getErrorMessage() that may return injected HTML when errorformat=html is not used. Affected: MediaWiki versions before 1.46.0, and earlier branches 1.45.4, 1.44.6, 1.43.9, due to improper neutralization in resources/src/mediawiki.Api/inde...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00436
Exploits: 0, References: 1

EUVD
added 3 days ago, 6 views

EUVD-2026-41012

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from...

AI score: 5.8, EPSS: 0.0023
Exploits: 0, References: 1

EUVD
added 3 days ago, 6 views

EUVD-2026-41010

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00133
Exploits: 0, References: 1

EUVD
added 3 days ago, 7 views

EUVD-2026-41008

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 1

NVD
added 3 days ago, 9 views

CVE-2026-12575

DVP80ES3 with Improper Resource Shutdown or Release vulnerability...

CVSS: 7.5, EPSS: 0.00263
Exploits: 0, References: 1

NVD
added 3 days ago, 10 views

CVE-2026-14193

DVP80ES300T with Improper Validation of Array Index Vulnerability...

CVSS: 7.5, EPSS: 0.00263
Exploits: 0, References: 1

Cvelist
added 3 days ago, 32 views

CVE-2026-12577 DVP80ES3 Improperly Implemented Security Check for Standard vulnerability

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability...

CVSS: 8.7, EPSS: 0.00253
Exploits: 0, References: 1