Lucene search
K

300011 matches found

Microsoft KB
Microsoft KB
added 6 hours ago17 views

Description of the security update for SharePoint Server 2016: June 9, 2026 (KB5002880)

None None...

9.8CVSS6.5AI score0.01982EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 8 hours ago14 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
OSV
OSV
added 9 hours ago6 views

ROOT-OS-UBUNTU-2204-CVE-2023-52737 CVE-2023-52737 in rootio-linux - Patched by Root

Root has patched CVE-2023-52737 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.2AI score0.0021EPSS
Exploits0
Cvelist
Cvelist
added 10 hours ago10 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS
Exploits0References1
OSV
OSV
added 11 hours ago7 views

ROOT-OS-DEBIAN-11-CVE-2022-50224 CVE-2022-50224 in rootio-linux - Patched by Root

Root has patched CVE-2022-50224 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.4AI score0.00171EPSS
Exploits0
RedHat Linux
RedHat Linux
added 11 hours ago5 views

firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

4.7CVSS6AI score0.00175EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 11 hours ago4 views

firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

4.7CVSS6AI score0.00185EPSS
Exploits0References6
Nuclei
Nuclei
added 13 hours ago38 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7AI score0.39391EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago105 views

AppCMS - Cross-Site Scripting

AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. id: CVE-2021-45380 info: name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. impact: | Successfu...

6.1CVSS6.4AI score0.02542EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago48 views

FineCMS <5.0.9 - Open Redirect

FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-11586 info: name: FineCMS 5.0.9 - Open...

6.1CVSS6.4AI score0.02286EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago80 views

Contest Gallery < 13.1.0.6 - SQL injection

The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users...

9.8CVSS7.1AI score0.127EPSS
Exploits2References3
Nuclei
Nuclei
added 13 hours ago1419 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6.1AI score0.47595EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago49 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS6.1AI score0.01443EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago88 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS6.2AI score0.06643EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago101 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS6.1AI score0.16EPSS
Exploits2References3
Nuclei
Nuclei
added 13 hours ago56 views

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

7.5CVSS6.9AI score0.03096EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago26 views

WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure

WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. id: CVE-2022-44356 info: name: WAVLINK Quantum D4G WL-WN531G3 - Information Disclosur...

7.5CVSS7AI score0.02756EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago95 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6.1AI score0.01959EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago24 views

Seriously Simple Podcasting < 3.0.0 - Information Disclosure

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request. id: CVE-2023-6444 info: name: Seriously Simple Podcasting 3.0.0 - Information Disclosure author: s4e-io...

5.3CVSS6.1AI score0.02463EPSS
Exploits3References3
Nuclei
Nuclei
added 13 hours ago154 views

Fastify Swagger-UI - Information Disclosure

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS6.2AI score0.02001EPSS
Exploits0References2
Rows per page
Query Builder