Lucene search
K

72538 matches found

NVD
NVD
added yesterday4 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS
Exploits1References1
NVD
NVD
added yesterday4 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS
Exploits1References1
CVE
CVE
added yesterday12 views

CVE-2026-34916

CVE-2026-34916 affects Revive Adserver 6.0.6 and earlier. A missing validation of user input when saving delivery limitations could allow a low‑privileged user to use the logical parameter to inject PHP code into the compiledlimitations field, which could be executed during banner delivery. The a...

8.8CVSS6.6AI score
Exploits1References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-38507

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS6.7AI score
Exploits1References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-38506

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS6.6AI score
Exploits1References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS
Exploits1References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS
Exploits1References1
RedHat Linux
RedHat Linux
added yesterday6 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation...

8.1CVSS6AI score0.00304EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday21 views

Roxy-WI - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcert parameter without proper input validation in the /app/options.py file, allowing attackers to inject arbitrary OS commands. id: CVE-2022-31161 info: name: Roxy-WI - Remote Code...

10CVSS8AI score0.90387EPSS
Exploits15References3
Nuclei
Nuclei
added yesterday5 views

Blesta <= 5.13.1 - Cross-Site Scripting

Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system, exploit requires unspecified conditions. id: CVE-2026-25616 info: name: Blesta = 5.13.1 - Cross-Site Scripting author: 0xAkoko severity:...

6.1CVSS5.8AI score0.00383EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday35 views

XWiki - Open Redirect

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

6.1CVSS6.2AI score0.01756EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday30 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.3AI score0.0114EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday19 views

EyouCms v1.6.2 - Cross-Site Scripting

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...

6.1CVSS6.2AI score0.01224EPSS
Exploits1
Nuclei
Nuclei
added yesterday24 views

XWiki >= 13.10.8 - Cross-Site Scripting

Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript. id: CVE-2023-29506 info: name: XWiki = 13.10.8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Reflected XSS vulnerability in XWiki authenticate endpoints allows...

6.1CVSS6.6AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday37 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.3AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday23 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS5.7AI score0.02736EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added yesterday4 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation...

8.1CVSS6AI score0.00304EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-12797

A flaw was found in BerriAI litellm. A remote attacker could manipulate the prompt argument in the asyncprecallhook function of the Completions Interface component. This manipulation leads to incorrect authorization, potentially allowing the attacker to bypass security controls and perform...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References8
CISA KEV Catalog
CISA KEV Catalog
added yesterday3 views

Ubiquiti UniFi OS Improper Input Validation Vulnerability

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection...

10CVSS5.9AI score0.33615EPSS
In wildExploits1
NVD
NVD
added 2 days ago5 views

CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS0.00287EPSS
Exploits0References3
Rows per page
Query Builder