Lucene search
K

9646 matches found

CVE
CVE
added yesterday4 views

CVE-2026-58411

ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...

7CVSS6.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday8 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added yesterday7 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
Cvelist
Cvelist
added yesterday18 views

CVE-2026-15543 Tenda CH22 CertListInfo formCertListInfo buffer overflow

A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used...

9CVSS0.00466EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday109 views

Redash Setup Configuration - Default Secrets Disclosure

Redash Setup Configuration is vulnerable to default secrets disclosure Insecure Default Initialization of Resource. If an admin sets up Redash versions =10.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both...

8.1CVSS6.6AI score0.08017EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday213 views

Jakarta Tomcat 3.1 and 3.0 - Information Disclosure

Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access. id: CVE-2000-0760 info: name: Jakarta Tomcat 3.1 and 3.0 -...

6.4CVSS6.1AI score0.62496EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday97 views

PHPIPAM <v1.5.1 - Missing Authorization

In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify if the user i...

7.5CVSS6.7AI score0.37304EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday73 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. id: CVE-2024-3742 info: name: Electrolink FM/DAB/TV Transmitter controlloLogin.js - Credentials Disclosure author: Farish severity: high description: | Electrolink...

8.7CVSS6.1AI score0.0143EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday52 views

User Meta WP Plugin < 3.1 - Sensitive Information Exposure

The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data. id: CVE-2024-33575 info: name: User Meta WP Plugin 3.1 -...

5.3CVSS6.1AI score0.01121EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday35 views

CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

7.5CVSS7AI score0.13623EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday120 views

WyreStorm Apollo VX20 - Information Disclosure

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP access point Router /device/config using an HTTP GET request. id: CVE-2024-25735 info: name: WyreStorm Apollo VX20 - Information Disclosure author: johnk3r...

9.1CVSS6.8AI score0.50622EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday245 views

Argo CD Unauthenticated Access to sensitive setting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...

7.5CVSS6.5AI score0.02348EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday148 views

FleetCart 4.1.1 - Information Disclosure

Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay" "razorpayKeyId". id: CVE-2024-5230 info: name: FleetCart 4.1.1 - Information Disclosure author: s4e-io severity: medium description: | Issues wi...

6.9CVSS6.2AI score0.18768EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday156 views

NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getitem function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.3CVSS7AI score0.38023EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday184 views

Netmaker - Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. id: CVE-2023-32077 info: name: Netmaker - Hardcoded DNS Secret Key author: iamnoooob,rootxharsh,pdresearch...

7.5CVSS6.8AI score0.03147EPSS
Exploits0
Nuclei
Nuclei
added yesterday81 views

Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5CVSS7.1AI score0.51466EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday71 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.3AI score0.05879EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday95 views

WordPress Metform <=2.1.3 - Information Disclosure

WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the /core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA...

7.5CVSS7AI score0.09699EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday81 views

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...

7.5CVSS7AI score0.38083EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday58 views

MicroStrategy Library <11.1.3 - Cross-Site Scripting

MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

6.1CVSS6.5AI score0.0454EPSS
Exploits0References5
Rows per page
Query Builder