Lucene search
K

72887 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.4 views

Cisco Catalyst SD-WAN Manager XSS (cisco-sa-vmanage-xss-ZqkhP9W9)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user ...

5.4CVSS6AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

Cisco IOS XE Software 跨站脚本漏洞

Cisco IOS XE Software is a network operating system developed by the American company Cisco. Cisco IOS XE Software has a cross-site scripting vulnerability, which stems from insufficient user input validation. This vulnerability may lead to storage-based cross-site scripting attacks...

4.8CVSS7.3AI score0.00194EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

GitLab 18.5 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-3988)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/24 9:31 p.m.6 views

EUVD-2026-14988

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 9:16 p.m.3 views

CVE-2026-3912

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

8.7CVSS0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/24 8:44 p.m.2 views

CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

8.7CVSS5.7AI score0.00333EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 8:44 p.m.25 views

CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

8.7CVSS0.00333EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 8:44 p.m.7 views

CVE-2026-3912

CVE-2026-3912 affects TIBCO ActiveMatrix BusinessWorks and Enterprise Administrator. The issue is an injection vulnerability arising from validation/sanitisation gaps for user-supplied input, leading to information disclosure (including accessible local files and host system details) and potentia...

8.7CVSS5.7AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/24 8:26 p.m.4 views

CVE-2026-23920

A flaw was found in Zabbix. Authenticated users can bypass input validation in host and event action scripts by injecting a newline character. This bypass occurs because the validation regex, which uses start-of-line ^ and end-of-line $ anchors, operates in multiline mode. Successful exploitation...

7.7CVSS5.9AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 8:16 p.m.7 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

8.8CVSS0.00358EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 7:16 p.m.5 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS0.00248EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 7:16 p.m.4 views

UBUNTU-CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/24 7:5 p.m.24 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

8.8CVSS0.00358EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:5 p.m.4 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/24 7:5 p.m.46 views

CVE-2026-22559

CVE-2026-22559 concerns an improper input validation in UniFi Network Server (affected: 10.1.85 and earlier) that may allow unauthorized account access if the account owner is socially engineered into clicking a malicious link. Impact is high (C, I, A: High) with network access, user interaction ...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/03/24 6:37 p.m.7 views

PortSwigger Web Security: Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption

A security issue was discovered in the /api-internal/login authentication endpoint of the internal login interface of Burp Suite DAST Enterprise. The issue was caused by improper input validation order, where the application processed user-supplied input before enforcing field-level validation...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:27 p.m.2 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/24 6:27 p.m.27 views

CVE-2026-23920

The CVE describes a bypass of input validation for host and event action scripts where a regex (admin-set) is evaluated in multiline mode. If ^ and $ anchors are used in input validation, an injected newline can bypass the check and allow authenticated users to inject shell commands. The descript...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 4:9 p.m.3 views

SUSE-SU-2026:20926-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References8
OSV
OSV
added 2026/03/24 4:7 p.m.5 views

OPENSUSE-SU-2026:20414-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.6AI score0.00498EPSS
Exploits0References7
Rows per page
Query Builder