Lucene search
K

73311 matches found

BDU FSTEC
BDU FSTEC
added 6 hours ago18 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 9 hours ago5 views

CVE-2026-15183 Input Validation Vulnerabilities in Snowflake Spark Connector

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS
Exploits0References1
Nuclei
Nuclei
added 11 hours ago46 views

PyTorch TorchServe SSRF

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

10CVSS7AI score0.35256EPSS
Exploits6References3
Nuclei
Nuclei
added 11 hours ago38 views

Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

6.1CVSS6.4AI score0.15682EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago26 views

XWiki >= 13.10.8 - Cross-Site Scripting

Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript. id: CVE-2023-29506 info: name: XWiki = 13.10.8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Reflected XSS vulnerability in XWiki authenticate endpoints allows...

6.1CVSS6.5AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago38 views

XWiki - Open Redirect

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

6.1CVSS6.3AI score0.01756EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago95 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago42 views

EyouCms v1.6.2 - Cross-Site Scripting

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...

6.1CVSS6.3AI score0.01224EPSS
Exploits1
Nuclei
Nuclei
added 11 hours ago71 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.4AI score0.0114EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago81 views

Aryanic HighMail (High CMS) - Cross-Site Scripting

A cross-site scripting vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. id: CVE-2020-23517 info: name: Aryanic HighMail High CMS - Cross-Site Scripting author: geeknik severity: medium...

6.1CVSS6.5AI score0.07051EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago9 views

Blesta <= 5.13.1 - Cross-Site Scripting

Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system, exploit requires unspecified conditions. id: CVE-2026-25616 info: name: Blesta = 5.13.1 - Cross-Site Scripting author: 0xAkoko severity:...

6.1CVSS6.1AI score0.00383EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago27 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS7.3AI score0.18671EPSS
Exploits0References3
Nuclei
Nuclei
added 11 hours ago21 views

Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal

Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...

5.8CVSS6.6AI score0.04612EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago25 views

Roxy-WI - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcert parameter without proper input validation in the /app/options.py file, allowing attackers to inject arbitrary OS commands. id: CVE-2022-31161 info: name: Roxy-WI - Remote Code...

10CVSS7.3AI score0.90387EPSS
Exploits15References3
Nuclei
Nuclei
added 11 hours ago45 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS6AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago107 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago69 views

Haraj 3.7 - Cross-Site Scripting

Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...

6.1CVSS6.4AI score0.04731EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago185 views

Hotel Druid 3.0.2 - Cross-Site Scripting

Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands. id: CVE-2021-37833 info: name: Hotel Druid 3.0.2 - Cross-Site Scripting author: pikpikcu,s4e-io severity: medium description: Hotel Druid 3.0.2 contains a...

6.1CVSS6.5AI score0.04878EPSS
Exploits1References3
Cvelist
Cvelist
added yesterday22 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-57728

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through = 3.20.5...

7.1CVSS0.00251EPSS
Exploits0References1
Rows per page
Query Builder