1437 matches found

CVE
added 2026/03/19 1:55 a.m., 19 views

CVE-2025-15051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting in the Web UI, allowing embedded JavaScript to alter functionality. The connected IBM security bulletin specifies CVE-2025-15051, with CWE-79, CVSS 3.1 base score 5.4 (UI: REQUIRED, AV:N, AC:L, PR:L; C/L/I...

CVSS 5.4, AI score 5.5, EPSS 0.00136
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/03/18 12:30 a.m., 5 views

EUVD-2026-12685

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...

CVSS 5.1, AI score 4.1, EPSS 0.00191
Exploits: 0, References: 5

CVE
added 2026/03/18 12:0 a.m., 10 views

CVE-2026-30695

The CVE-2026-30695 entry concerns a Cross-Site Scripting (XSS) vulnerability in the web-based configuration interface of Zucchetti Axess access control devices (models XA4, X3/X3BIO, X4, X7, XIO / i-door / i-door+). The issue is caused by improper sanitization of user-supplied input in the dirBro...

CVSS 6.1, AI score 5.8, EPSS 0.0023
Exploits: 0, References: 2

Cvelist
added 2026/03/13 6:57 p.m., 28 views

CVE-2026-0835

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...

CVSS 5.4, EPSS 0.0021
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/11 8:9 p.m., 5 views

CVE-2026-32106

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

CVSS 4.7, AI score 5.8, EPSS 0.003
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2026/03/11 12:32 p.m., 9 views

CVE-2026-3943

CVE-2026-3943 affects H3C ACG1000-AK230. The vulnerability is a remote command-injection in an unknown part of /webui/?aaa_portal_auth_local_submit caused by manipulation of the argument suffix. Exploitation is possible without authentication and can be executed remotely; exploit details are publ...

CVSS 7.5, AI score 6.7, EPSS 0.40802
Exploits: 0, References: 4

Redos
added 2026/03/10 12:0 a.m., 15 views

ROS-20260310-73-0013

A vulnerability in the user interface UI of the Google Chrome browser is related to the lack of a user warning about unsafe actions. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...

CVSS 9.8, AI score 5.8, EPSS 0.00315
Exploits: 0

RedhatCVE
added 2026/03/05 1:57 a.m., 8 views

CVE-2025-70225

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component...

CVSS 9.8, AI score 6.1, EPSS 0.00485
Exploits: 1, References: 1

EUVD
added 2026/03/04 6:31 p.m., 9 views

EUVD-2026-9444

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

CVSS 10, AI score 6.4, EPSS 0.27551
Exploits: 4, References: 2

NVD
added 2026/03/04 6:16 p.m., 12 views

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

CVSS 10, EPSS 0.33898
Exploits: 2, References: 1

Positive Technologies
added 2026/03/04 12:0 a.m., 7 views

PT-2026-23106

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.0.0 through 4.12.0. Description: ZITADEL, an open source identity management platform, had a flaw in its login V2 UI. This allowed users to circumvent login behavior and security policies, enabling self-registration of new...

CVSS 9.9, AI score 5.8, EPSS 0.22162
Exploits: 68, References: 140

ATTACKERKB
added 2026/03/03 1:17 p.m., 5 views

CVE-2026-3343

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

CVSS 6.1, AI score 5.9, EPSS 0.00196
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/02/25 4:24 p.m., 4 views

CVE-2026-20091

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of...

CVSS 4.8, AI score 5.7, EPSS 0.0017
Exploits: 0, References: 2, Affected Software: 3

Nvidia
added 2026/02/24 12:0 a.m., 15 views

Security Bulletin: NVIDIA Cumulus Linux and NVOS - February 2026

NVIDIA has released an update for Cumulus Linux and NVOS to address the security issues that might lead to impacts described in this bulletin. To protect your system, download and install the latest NVIDIA components from the links provided in this document. Go to NVIDIA Product Security. Details...

CVSS 8.8, AI score 5.6, EPSS 0.00762
Exploits: 0, Affected Software: 2

Positive Technologies
added 2026/02/24 12:0 a.m., 10 views

PT-2026-21799

Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS (affected versions not specified). Description: The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...

CVSS 9.8, AI score 5.8, EPSS 0.00538
Exploits: 0, References: 5

Positive Technologies
added 2026/02/24 12:0 a.m., 7 views

PT-2026-21800

Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS (affected versions not specified). Description: The software is susceptible to OS command injection through a field in its MMadmServ web interface. This allows attackers to potentially execute remote code. The vulnerabilit...

CVSS 9.8, AI score 5.9, EPSS 0.01433
Exploits: 1, References: 6

Vulnrichment
added 2026/02/23 4:26 p.m., 5 views

CVE-2026-27513 Tenda F3 CSRF in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVSS 5.1, AI score 5.2, EPSS 0.00102
Exploits: 0, References: 2

Positive Technologies
added 2026/02/23 12:0 a.m., 5 views

PT-2026-21531

Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi. Description: The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...

CVSS 5.1, AI score 5.1, EPSS 0.00102
Exploits: 0, References: 4

CNNVD
added 2026/02/13 12:0 a.m., 6 views

Yokogawa Electric Corporation Vnet/IP Interface security vulnerability

Yokogawa Electric Corporation Vnet/IP Interface is a real-time control network interface of Yokogawa Electric Corporation. Versions of Yokogawa Electric Corporation Vnet/IP Interface prior to R1.07.00 contained a security vulnerability. This vulnerability stemmed from the handling of malicious da...

CVSS 8.2, AI score 5.9, EPSS 0.00191
Exploits: 0, References: 1

NCSC
added 2026/02/06 9:22 a.m., 9 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...

CVSS 8.8, AI score 5.7, EPSS 0.00384
Exploits: 0, References: 1