Lucene search
+L

18982 matches found

nuclei
nuclei
added yesterday108 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

5.4CVSS6.7AI score0.09619EPSS
Exploits0References5
nuclei
nuclei
added yesterday85 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1CVSS6.1AI score0.00891EPSS
Exploits2References2
nuclei
nuclei
added yesterday1019 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References5
nuclei
nuclei
added yesterday62 views

Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS7AI score0.02626EPSS
Exploits2References5
nuclei
nuclei
added yesterday82 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...

6.1CVSS6.1AI score0.01254EPSS
Exploits2References3
nvd
nvd
added 2 days ago5 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS0.00389EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-48329

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

2.7CVSS0.00354EPSS
Exploits0References1
euvd
euvd
added 2 days ago4 views

EUVD-2026-44548

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

2.7CVSS6.1AI score0.00354EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago32 views

CVE-2026-48329 ColdFusion | Insufficient Session Expiration (CWE-613)

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

2.7CVSS0.00354EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-50502

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...

8CVSS0.00613EPSS
Exploits0References1
nvd
nvd
added 2 days ago2 views

CVE-2026-50405

Insufficient granularity of access control in Windows Filtering Platform WFP allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
cve
cve
added 2 days ago12 views

CVE-2026-15757

Summary (CVE-2026-15757): NETGEAR DGND3700v1 modem router reportedly suffers an insufficent input validation vulnerability that could let an attacker on the same local Wi‑Fi network send unauthorized commands to the device. The description/records indicate the issue was discovered via controlled ...

8.7CVSS6.1AI score0.00196EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago24 views

CVE-2026-15757 Insufficient input validation vulnerability in NETGEAR DGND3700v1 modem router

A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has n...

8.7CVSS0.00196EPSS
Exploits0References2
nvd
nvd
added 2 days ago4 views

CVE-2026-55006

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
nvd
nvd
added 2 days ago2 views

CVE-2026-48581

Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-48581

CVE-2026-48581 affects Microsoft Surface. It describes insufficient granularity of access control enabling a locally authenticated attacker to escalate privileges (Impact: high; CVSS 3.1 base 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected records show the vulnerability in Surface Broker SDM...

7.8CVSS6AI score0.00219EPSS
Exploits0References1
cve
cve
added 2 days ago18 views

CVE-2026-55006

Microsoft Exchange Server vulnerability CVE-2026-55006: Insufficient granularity of access control enables local privilege escalation for an authorized attacker. Root cause: lack of fine-grained access controls. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 (AV:L/A...

7.8CVSS6AI score0.00219EPSS
Exploits0References1
cve
cve
added 2 days ago8 views

CVE-2026-11403

The CVE affects Sonatype Nexus Repository Manager. The flaw is in the format-specific API key generation, where a remote attacker could gain unauthorized access to repository operations as a targeted user if a format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token)...

8.7CVSS6.1AI score0.00349EPSS
Exploits0References2
mscve
mscve
added 2 days ago4 views

Active Directory Federation Services Elevation of Privilege Vulnerability

Insufficient granularity of access control in Active Directory Federation Services AD FS allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00379EPSS
Exploits0
mscve
mscve
added 2 days ago4 views

Windows Event Logging Service Remote Code Execution Vulnerability

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...

8CVSS6.2AI score0.00613EPSS
Exploits0
Rows per page
Query Builder