18982 matches found
Grafana <= 6.7.1 - Cross-Site Scripting
Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...
Travelpayouts <= 1.1.16 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...
CVE-2026-48295
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...
CVE-2026-48329
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...
EUVD-2026-44548
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...
CVE-2026-48329 ColdFusion | Insufficient Session Expiration (CWE-613)
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...
CVE-2026-50502
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...
CVE-2026-50405
Insufficient granularity of access control in Windows Filtering Platform WFP allows an authorized attacker to elevate privileges locally...
CVE-2026-15757
Summary (CVE-2026-15757): NETGEAR DGND3700v1 modem router reportedly suffers an insufficent input validation vulnerability that could let an attacker on the same local Wi‑Fi network send unauthorized commands to the device. The description/records indicate the issue was discovered via controlled ...
CVE-2026-15757 Insufficient input validation vulnerability in NETGEAR DGND3700v1 modem router
A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has n...
CVE-2026-55006
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...
CVE-2026-48581
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally...
CVE-2026-48581
CVE-2026-48581 affects Microsoft Surface. It describes insufficient granularity of access control enabling a locally authenticated attacker to escalate privileges (Impact: high; CVSS 3.1 base 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected records show the vulnerability in Surface Broker SDM...
CVE-2026-55006
Microsoft Exchange Server vulnerability CVE-2026-55006: Insufficient granularity of access control enables local privilege escalation for an authorized attacker. Root cause: lack of fine-grained access controls. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 (AV:L/A...
CVE-2026-11403
The CVE affects Sonatype Nexus Repository Manager. The flaw is in the format-specific API key generation, where a remote attacker could gain unauthorized access to repository operations as a targeted user if a format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token)...
Active Directory Federation Services Elevation of Privilege Vulnerability
Insufficient granularity of access control in Active Directory Federation Services AD FS allows an authorized attacker to elevate privileges locally...
Windows Event Logging Service Remote Code Execution Vulnerability
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...